* Nico Golde:

> Thanks very much for finding that. I did not see it when
> checking the xemacs code because the code is located
> somewhere else and the code itself is also different. This
> also means that we have to write our own patch or do you
> have one?

Sorry, I haven't. The easiest route would probably replace the sprintf calls with snprintf, and erroring out when the buffer is not large enough.

> How did you spot that?

On a hunch, I tried to trigger the bug on XEmacs. Perhaps I misremembered the reproducer, but it eventually crashed.
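The route suggested in the message above (snprintf instead of sprintf, with an error when the buffer is too small), as an added example that is not part of the original message and is not XEmacs code. The helper name `checked_format`, the macro `PRINTF_LIKE` and the sample buffer are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical helper (not XEmacs code): bounded replacement for a
   sprintf call site. Returns the number of characters written, or -1
   if formatting failed or the output did not fit in dst. */
PRINTF_LIKE(3, 4)
static int checked_format(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstsize == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);

    /* vsnprintf returns the length the full output would have had,
       so n >= dstsize means the result was truncated. */
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';   /* do not leave a partial string behind */
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[16];   /* constructed sample buffer */

    /* Fits: 12 characters plus the terminating NUL. */
    if (checked_format(buf, sizeof buf, "%s-%d", "width", 123456) >= 0)
        printf("ok: %s\n", buf);

    /* Field width 64 cannot fit in buf: error instead of overflow. */
    if (checked_format(buf, sizeof buf, "%*d", 64, 7) < 0)
        fprintf(stderr, "error: formatted value does not fit\n");

    return 0;
}
```

Checking only for a negative return is not enough: a truncated result returns a non-negative length, which is why the comparison against the buffer size is the part that turns truncation into an error.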

