Full Disclosure mailing list archives
Re: Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows
From: Valdis.Kletnieks () vt edu
Date: Fri, 18 Apr 2008 10:20:32 -0400
On Thu, 17 Apr 2008 23:17:14 CDT, reepex said:
I find it funny you are the one to complain about too many advisories when you spam the list with sprintf and strcpy bugs you grepped for in random applications every day

On Tue, Apr 15, 2008 at 9:20 AM, Luigi Auriemma <aluigi () autistici org> wrote:
It's just like if someone finds a bug in zlib and releases 10000 advisories, one for each program in the world which uses the library... the bug is not in these 10000 programs but only in zlib.
And in fact, the last time there was a bug in zlib, there *were* a zillion advisories, because at the time, a zillion packages carried their own private copy of zlib around because it may or may not have been available on the target system, or because they statically linked zlib in so just updating the system copy of the shared library doesn't help. Nobody (as far as I know) filed an advisory for packages that used the system zlib, only for those packages that wouldn't be fixed by updating the system copy. I'd be interested in knowing what Luigi would recommend be done for such packages...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/