oss-sec mailing list archives

Not a security issue: htpdate "buffer overflow"


From: Robert Buchholz <rbu () gentoo org>
Date: Sat, 25 Oct 2008 15:11:56 +0200

Hi,

a user reported[1] an apparent security issue to us regarding htpdate,
which states in their changelog[2]:
" - Fixed a buffer overflow when time offset gets to large
    https://dev.openwrt.org/cgi-bin/trac.fcgi/ticket/3940 "

However, the diff upstream applied shows this only is an integer 
overflow, which they also confirmed via mail:
'Sorry for the wrong wordings, but it is indeed "only" an integer 
overflow.'

Since other distros also seem to ship htpdate, hopefully this helps to 
save some time.


Robert

[1] https://bugs.gentoo.org/show_bug.cgi?id=243294
[2] http://www.clevervest.com/twiki/bin/view/HTP/ChangelogC
[3] http://bugs.gentoo.org/attachment.cgi?id=169570&action=view
