David Endler <[EMAIL PROTECTED]> found an exploit in wv with respect to how it handles date and time fields. Via a little malicious hacking and ingenuity, one can cause a buffer overrun because a bit of code uses strcat. Using this, one can get wvHtml and possibly other things that use this function to execute arbitrary bytecode. I have committed what I believe is an adequate workaround for the problem at hand. Bonsai has the relevant files and lines changed. Alternate suggestions and solutions welcomed, especially in cvs diff -u format.
Dom

CVS: ----------------------------------------------------------------------
CVS: Enter Log. Lines beginning with `CVS:' are removed automatically
CVS:
CVS: Committing in .
CVS:
CVS: Modified Files:
CVS: field.c
CVS: ----------------------------------------------------------------------
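
A bounded append of the kind that removes a strcat overrun when a date/time format from a document is expanded into a fixed-size buffer. This is an added example, not wv's code or the committed fix: `picture_to_strftime`, `bounded_append`, the token table and the buffer sizes are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Append src to dst only if the result, including the NUL, fits in cap bytes.
   Returns 0 on success, -1 (dst unchanged) if it would not fit. */
static int bounded_append(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    size_t need = strlen(src);
    if (used >= cap || need >= cap - used)
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hypothetical translation of a date "picture" read from a document field
   into a strftime format. The picture is untrusted and may be any length. */
int picture_to_strftime(const char *pic, char *out, size_t cap)
{
    static const struct { const char *tok, *fmt; } map[] = {
        { "yyyy", "%Y" }, { "MM", "%m" }, { "dd", "%d" },
        { "HH", "%H" }, { "mm", "%M" }, { "ss", "%S" },
    };
    if (cap == 0)
        return -1;
    out[0] = '\0';
    while (*pic) {
        char lit[3] = { *pic, '\0', '\0' };
        const char *piece = lit;
        size_t step = 1, i;
        if (*pic == '%')
            lit[1] = '%';            /* escape a literal % for strftime */
        for (i = 0; i < sizeof map / sizeof map[0]; i++) {
            size_t n = strlen(map[i].tok);
            if (strncmp(pic, map[i].tok, n) == 0) {
                piece = map[i].fmt;
                step = n;
                break;
            }
        }
        /* An unchecked strcat(out, piece) at this point is the overrun. */
        if (bounded_append(out, cap, piece) != 0) {
            out[0] = '\0';           /* never hand back a partial format */
            return -1;
        }
        pic += step;
    }
    return 0;
}
```

A caller treats -1 as a malformed field and skips or replaces it rather than formatting with a truncated string.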
