Message-ID: <AANLkTimjbVVzrueGriqHTr7ebTSJ6XwMvTK71Y+wvQmB@mail.gmail.com>
Date: Sat, 26 Feb 2011 09:04:04 +1030
From: Graham Gower <graham.gower@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: glibc and alloca()

On 25 February 2011 18:52, Maksymilian Arciemowicz <cxib@...urityreason.com> wrote:
> Chris Evans <scarybeasts <at> gmail.com> writes:
>> Linux distribution might still have vulnerabilities in this area.
>
> proftpd use gnu libc implementation
>
> http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4rc1
> + Updated fnmatch implementation, using glibc-2.9 version.
>
> Version 1.3.3d may contain this issue
>

http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f15ce4d8dc139523fe0c273580b604b2453acba6
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/lib/pr_fnmatch.c?revision=1.9&view=markup
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/lib/pr_fnmatch_loop.c?revision=1.9&view=markup

Perhaps they need to update the fnmatch implementation again.

-Graham