From: Matt Kraai <[EMAIL PROTECTED]> Date: Thu, 27 May 2004 09:29:03 -0300
> On Thu, May 27, 2004 at 07:09:42PM +0900, SUGIYAMA Tomoaki wrote: > > I think that it is not "Buffer overflow" but "Heap overflow" on > > line 136 in webwml/english/News/weekly/2004/21/index.wml file. (snip) > The CVE advisory says > Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and > 1.12.x up to 1.12.7, when using the pserver mechanism allows > remote attackers to execute arbitrary code via Entry lines. > so I think both descriptions are correct. Thank you. I had simply compared them with the title of DSA pages linked from the list. I do not know why that is not same as a title of those pages specially, but now I can understand that "Buffer overflow" is correct for DSA-505. And also, I found similar cases in the past Weekly Newses. Thanks. -- SUGIYAMA Tomoaki <tomos at webmasters.gr.jp>