[17835] in bugtraq
Re: [MSY] S(ecure)Locate heap corruption vulnerability
daemon@ATHENA.MIT.EDU (Seth Arnold)
Wed Nov 29 13:23:48 2000
Mail-Followup-To: BUGTRAQ@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20001128132910.P29227@willamette.edu>
Date: Tue, 28 Nov 2000 13:29:10 -0800
Reply-To: Seth Arnold <sarnold@WILLAMETTE.EDU>
From: Seth Arnold <sarnold@WILLAMETTE.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.30.0011272347010.23147-100000@dione.ids.pl>; from
lcamtuf@dione.ids.pl on Mon, Nov 27, 2000 at 11:57:15PM +0100
* Michal Zalewski <lcamtuf@dione.ids.pl> [001128 13:14]:
> I am impressed it hasn't been fixed yet. Amazing.
Quoting from: http://www.geekreview.org/slocate/
Changes v2.2: Fixed a segfault. If the environment variable
LOCATE_PATH had an invalid slocate.db file path, slocate could
segfault. Proper checking now takes place to fix this.
I think this was fixed 00/06/22 -- but I am not entirely clear on how
the dates line up with the versions mentioned. (And no, I don't know if
the fix managed to break other items..)
In the past, Kevin was very friendly and helpful when I contacted him.
Unless that has changed I think getting fixes into new versions is
pretty easy. :)
--
``Oh Lord; Ooh you are so big; So absolutely huge; Gosh we're all
really impressed down here, I can tell you.''
