Hi,

Yes, I think I did submit it to upstream.
I don't have a particular patch, but I believe it is trivial to add a check for the overflow.

Thanks,
Sang Kil

On Sat, Nov 30, 2013 at 3:40 AM, Charles Plessy <ple...@debian.org> wrote:
> On Sun, Nov 10, 2013 at 09:20:08PM -0500, Sang Kil Cha wrote:
>> Package: staden-io-lib-utils
>> Version: 1.12.4-1
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> index_tar has a buffer overflow vulnerability. A PoC file is attached.
>
> Hello,
>
> thanks for the report. Have you also submitted it upstream? Do you
> have a suggestion on how to solve the problem?
>
> Cheers,
>
> --
> Charles Plessy
> Debian Med packaging team,
> http://www.debian.org/devel/debian-med
> Tsurumi, Kanagawa, Japan