Re: integer overflow in xemacs
Ar an tríú lá is fiche de mí Eanair, scríobh Aidan Kehoe:
Ar an tríú lá is fiche de mí Eanair, scríobh Nico Golde:
> Hi Stephen,
> * Stephen J. Turnbull <stephen(a)xemacs.org> [2008-01-23 12:32]:
> > Nico Golde writes:
> >
> > > during the analysis of CVE-2007-6109 and if this affects
> > > xemacs Florian Weimer and me recognized a problem in the
> > > xemacs code:
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457764#10
> >
> > Do you actually have an exploit? If so, we should fix the particular
> > use, not change the macro.
>
> xemacs21 -batch -eval '(format "%30000000d" 0)'
> this is the same proof of concept like for CVE-2007-6109
> that already has been fixed in emacs.
And in XEmacs.
$ ./xemacs -batch -eval '(format "%30000000d" 0)'
$ echo $?
0
$
The fix was not included in beta 28, though. 21.4 never had the problem.
My mistake; there is a related problem that 21.5 had and 21.4 never did, but
21.4 does have this one.
Also, that is not an exploit, not even a proof-of-concept exploit.
[...]
--
¿Dónde estará ahora mi sobrino Yoghurtu Nghé, que tuvo que huir
precipitadamente de la aldea por culpa de la escasez de rinocerontes?
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta