Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: glibc and alloca()

From: Graham Gower <graham.gower () gmail com>
Date: Sat, 26 Feb 2011 09:04:04 +1030
On 25 February 2011 18:52, Maksymilian Arciemowicz
<cxib () securityreason com> wrote:

Chris Evans <scarybeasts <at> gmail.com> writes:

Linux distribution might still have vulnerabilities in this area.


proftpd use gnu libc implementation

http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4rc1
 + Updated fnmatch implementation, using glibc-2.9 version.

Version 1.3.3d may contain this issue



http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f15ce4d8dc139523fe0c273580b604b2453acba6

http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/lib/pr_fnmatch.c?revision=1.9&view=markup
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/lib/pr_fnmatch_loop.c?revision=1.9&view=markup

Perhaps they need to update the fnmatch implementation again.

-Graham

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: