Vulnerability Development mailing list archives

Re: m4 and format strings

From: KF <dotslash () snosoft com>
Date: Wed, 27 Jun 2001 07:45:40 -0400

GNU m4 is maintained by Reni Seindal. 
Checking his changelog from 
http://www.seindal.dk/rene/gnu/changelog.htm
I didn't see any changes since 2000-01-16 so someone may wish to pass
the 
patch on to the author if it was not provided by him. 

Here is at least three of the threads with the format issues if anyone
was 
interested in the possible exploitation of this issue. 

http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26end%3D2001-06-30%26tid%3D161424%26start%3D2001-06-24%26

http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Ftid%3D165006%26start%3D2001-06-24%26threads%3D0%26list%3D82%26end%3D2001-06-30%26

This is the thread which spawned from the man issue. 
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26tid%3D160449%26end%3D2001-06-30%26threads%3D0%26start%3D2001-06-24%26

-KF

Current thread:

m4 and format strings KF (Jun 26)
- Re: m4 and format strings Jarno Huuskonen (Jun 27)
- Re: m4 and format strings Samy Kamkar [CommPort5] (Jun 27)
  - Re: m4 and format strings Robert van der Meulen (Jun 27)
    - Re: m4 and format strings Samy Kamkar [CommPort5] (Jun 27)
    - Re: m4 and format strings KF (Jun 27)
  - Re: m4 and format strings Matt Zimmerman (Jun 27)