[MBT] new entry in pkg wget "Possible remote exploitable buffer underun?"
bugs at pld-linux.org
Tue Nov 4 14:12:13 CET 2003
Date: 2003-11-04 14:12:12+01 Author: Jakub Bogusz (qboosh) <qboosh at pld-linux.org>
Title: Possible remote exploitable buffer underun?
Ticket ID: #749
Ticket URL: http://bugs.pld-linux.org/?bug=749
Package: wget-1:1.8.2-2
Distribution: PLD-1.0.updates.security
Category: security problem
Current state: resolving state
Text:
Yes, there existed an off-by-two buffer overflow in the
compose_file_name() function. It looks like the vulnerability
pointed out by CAN-2002-1565, except that it was related to
wget 1.8.1 and the function name was different...
(url_filename() calls compose_file_name(), so it's a minor difference).
Thanks for noticing.
The fixed package will be available soon as wget 1.8.2-3.
*** State changed to 'resolving state'