integer overflow in xemacs
Aidan Kehoe
kehoea at parhasard.net
Wed Jan 23 17:13:48 EST 2008
Ar an tríú lá is fiche de mí Eanair, scríobh Aidan Kehoe:
> Ar an tríú lá is fiche de mí Eanair, scríobh Nico Golde:
>
> > Hi Stephen,
> > * Stephen J. Turnbull <stephen at xemacs.org> [2008-01-23 12:32]:
> > > Nico Golde writes:
> > >
> > > > during the analysis of CVE-2007-6109 and if this affects
> > > > xemacs Florian Weimer and me recognized a problem in the
> > > > xemacs code:
> > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457764#10
> > >
> > > Do you actually have an exploit? If so, we should fix the particular
> > > use, not change the macro.
> >
> > xemacs21 -batch -eval '(format "%30000000d" 0)'
> > this is the same proof of concept like for CVE-2007-6109
> > that already has been fixed in emacs.
>
> And in XEmacs.
>
> $ ./xemacs -batch -eval '(format "%30000000d" 0)'
> $ echo $?
> 0
> $
>
> The fix was not included in beta 28, though. 21.4 never had the problem.
My mistake; there is a related problem that 21.5 had and 21.4 never did, but
21.4 does have this one.
> Also, that is not an exploit, not even a proof-of-concept exploit.
>
> [...]
--
¿Dónde estará ahora mi sobrino Yoghurtu Nghé, que tuvo que huir
precipitadamente de la aldea por culpa de la escasez de rinocerontes?
More information about the XEmacs-Beta
mailing list