[38264] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability

daemon@ATHENA.MIT.EDU (Adam Back)
Thu Apr 7 12:33:58 2005

Date: 7 Apr 2005 05:19:30 -0000
Message-ID: <20050407051930.22885.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Adam Back <adam@cypherspace.org>
To: bugtraq@securityfocus.com

In-Reply-To: <87r7irrzne.fsf@evinrude.uhoreg.ca>

Hi

Two notes:

- the format string security bug is now fixed in hashcash-1.17

- Hubert is correct that the bug was not in hashcash-1.13, it was introduced in hashcash 1.14

Cheers

Adam

>Just to note, version 1.13 of hashcash (incidentally, the version that's
>in Debian testing) doesn't seem to be vulnerable, as it doesn't contain
>the buggy line that Travis found.  I'm not sure exactly when the bug was
>introduced.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38264] in bugtraq

Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability

daemon@ATHENA.MIT.EDU (Adam Back)Thu Apr 7 12:33:58 2005

daemon@ATHENA.MIT.EDU (Adam Back)
Thu Apr 7 12:33:58 2005