oss-sec mailing list archives
Not a security issue: htpdate "buffer overflow"
From: Robert Buchholz <rbu () gentoo org>
Date: Sat, 25 Oct 2008 15:11:56 +0200
Hi, a user reported[1] an apparant security issue to use regarding htpdate, which states in their changelog[2]: " - Fixed a buffer overflow when time offset gets to large https://dev.openwrt.org/cgi-bin/trac.fcgi/ticket/3940 " However, the diff upstream applied shows this only is an integer overflow, which they also confirmed via mail: 'Sorry for the wrong wordings, but it is indeed "only" an integer overflow.' Since other distros also seem to ship htpdate, hopefully this helps to save some time. Robert [1] https://bugs.gentoo.org/show_bug.cgi?id=243294 [2] http://www.clevervest.com/twiki/bin/view/HTP/ChangelogC [3] http://bugs.gentoo.org/attachment.cgi?id=169570&action=view
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Not a security issue: htpdate "buffer overflow" Robert Buchholz (Oct 25)