oss-sec mailing list archives
Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
From: Joshua Roers <honey () internot info>
Date: Sat, 15 Nov 2014 18:10:30 +1100
On 06/11/14 17:07, Joshua Rogers wrote:
The vulnerable function, warningv([..]), is called in many other places, and is not limited to '-i'.
Just for reference: the vulnerable function is actually parse_error_msg([..]), not warningv([..]). Thanks, -- -- Joshua Rogers <https://internot.info/>
Current thread:
- CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 05)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Sven Kieske (Nov 07)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 07)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign (Nov 06)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Roers (Nov 15)