Re: tiff / CVE-2018-18661

2018-11-15 Thread Brian May
Ola Lundqvist writes:
> Could it be so that the problem is only reproducible on 32-bit systems?

It also occurred to me that maybe my computer has too much memory to reproduce an "out of memory" error condition:

=== cut ===
(stretch-i386-default)root@silverfish:/tmp/brian/tmpcvxwwflu/build/i386#

Re: tiff / CVE-2018-18661

2018-11-14 Thread Brian May
Brian May writes:
> I can reproduce CVE-2018-19210. Both on wheezy and stretch. Doesn't

Me getting distributions confused. I tested on Jessie, and I was able to reproduce the problem. I did not test wheezy.
-- Brian May

Re: tiff / CVE-2018-18661

2018-11-14 Thread Brian May
Brian May writes:
> Ola Lundqvist writes:
>
>> Could it be so that the problem is only reproducible on 32-bit
>> systems?
>
> Good point. Will try.

Nope. Can't reproduce i386 build on amd64 kernel. I would be rather surprised if choice of kernel mattered.

I can reproduce CVE-2018-19210. Both o

Re: tiff / CVE-2018-18661

2018-11-14 Thread Brian May
Ola Lundqvist writes:
> Could it be so that the problem is only reproducible on 32-bit
> systems?

Good point. Will try.
-- Brian May

Re: tiff / CVE-2018-18661

2018-11-14 Thread Ola Lundqvist
Hi

Could it be so that the problem is only reproducible on 32-bit systems?

// Ola

On Tue, 13 Nov 2018 at 07:30, Brian May wrote:
> Ola Lundqvist writes:
>
> > Interesting. I wonder what the fix does differently in this case. It is a
> > little worrying that it exits with a zero return code, but

Re: tiff / CVE-2018-18661

2018-11-12 Thread Brian May
Ola Lundqvist writes:
> Interesting. I wonder what the fix does differently in this case. It is a
> little worrying that it exits with a zero return code, but maybe not major.
> On the other hand, if we cannot reproduce the problem maybe it is not worth
> patching... Hmm.

I tried to reproduce this

Re: tiff / CVE-2018-18661

2018-11-12 Thread Ola Lundqvist
Hi Brian

Interesting. I wonder what the fix does differently in this case. It is a little worrying that it exits with a zero return code, but maybe not major. On the other hand, if we cannot reproduce the problem maybe it is not worth patching... Hmm.

// Ola

On Mon, 12 Nov 2018 at 07:24, Brian May

Re: tiff / CVE-2018-18661

2018-11-11 Thread Brian May
Ola Lundqvist writes:
> Hi Brian
>
> To me it looks like you have been able to reproduce the problem. You
> clearly get different results with and without the patch indicating
> that you have in fact triggered the problem. I do not see that you
> have run the program using a debugger, so are you

Re: tiff / CVE-2018-18661

2018-11-10 Thread Ola Lundqvist
Hi Brian

To me it looks like you have been able to reproduce the problem. You clearly get different results with and without the patch indicating that you have in fact triggered the problem. I do not see that you have run the program using a debugger, so are you sure that you did not end up in a c

tiff / CVE-2018-18661

2018-11-07 Thread Brian May
I applied the fix for this CVE. Patch attached.

However, then I found out I can't reproduce the bug under Debian/Jessie, with or without the security update.

Version 4.0.3-12.3+deb8u7 in Jessie+security:

(jessie-i386-default)root@silverfish:/home/brian/tree/debian/lts/packages/tiff/tiff-4.0.3#