Package: ytalk
Version: 3.3.0-5
Severity: minor

Hello,

Some time ago, I filed an RFE which resulted in the inclusion of
user.dpatch and shell.dpatch. Since then, I learned that the way I used
getenv there is unsafe (there may be another call to getenv or putenv
before the value returned by getenv is used, which can invalidate the
result). Since I did not notice any error in practice, I am rating this
as minor, but I felt that I should warn you. In user.dpatch,
    return c;
should probably be replaced by something like:
    return strndup(c,12);
(I think 12 is the right number, but I don't know for sure, and the old
strdup may be safe enough to use on the output of getenv anyway)

and something similar should be done for the shell patch.

Sorry about the lousy patches... And please feel free to ignore this bug
if you believe it is not worth fixing.

-- System Information:
Debian Release: lenny/sid
  APT prefers stable
  APT policy: (500, 'stable'), (50, 'testing'), (10, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-686 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages ytalk depends on:
ii  libc6                     2.7-10         GNU C Library: Shared libraries
ii  libncurses5               5.6+20080308-1 Shared libraries for terminal hand
ii  talkd                     0.17-13        Remote user communication server

ytalk recommends no packages.

-- debconf-show failed
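
The pattern described in the report, as an added example (not code from ytalk or from the dpatch files): copy the getenv result into storage the caller owns before anything else touches the environment. The helper name env_dup, the variable DEMO_USER and the sample values are assumptions made for this illustration; 12 is the length suggested in the report.

```c
#define _POSIX_C_SOURCE 200809L  /* for strndup, setenv, unsetenv */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: return a heap copy of an environment variable,
 * truncated to at most max_len characters, or NULL if the variable is
 * unset or memory is exhausted. The caller owns the result and frees it. */
char *env_dup(const char *name, size_t max_len)
{
    const char *v = getenv(name);   /* pointer into libc-owned storage */
    return v ? strndup(v, max_len) : NULL;
}

/* Returns 1 if a copy taken before the environment changes still holds
 * the old value afterwards, 0 on any failure. */
int copy_survives_update(void)
{
    char *saved;
    int ok;

    if (setenv("DEMO_USER", "alice", 1) != 0)   /* constructed sample value */
        return 0;
    saved = env_dup("DEMO_USER", 12);
    if (saved == NULL)
        return 0;
    /* A later setenv/putenv (or, on some systems, getenv) may reuse or
     * replace the storage a raw getenv pointer referred to. The copy in
     * 'saved' is not affected. */
    if (setenv("DEMO_USER", "a-much-longer-replacement-value", 1) != 0) {
        free(saved);
        return 0;
    }
    ok = strcmp(saved, "alice") == 0;
    free(saved);
    return ok;
}

int main(void)
{
    printf("copy survives update: %d\n", copy_survives_update());
    return 0;
}
```

Because the copy is heap-allocated, a caller that previously received the bare getenv pointer now has to free the result when it is done with it.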


