Bug#497441: Bug#497649: Broken security patch for WordNet

Nico Golde nion at debian.org
Fri Sep 5 16:57:14 UTC 2008


Hi Andreas,
* Andreas Tille <tillea at rki.de> [2008-09-05 17:59]:
> On Fri, 5 Sep 2008, Nico Golde wrote:
> 
> >As far as I know this was part of the patch by oCert.
> 
> Well, who actually is oCert, i.e. how can I report problems with
> their patches?

http://www.ocert.org/advisories/ocert-2008-014.html
https://www.ocert.org/contact_info.html has some contact
information.

> >However it's not a security fix but just a cleanup as both
> >function calls are equal.
> 
> Well, apparently they are not.  If you include the patch wordnet
> fails displaying synonyms.  I have no idea why.  And while I'm
> no security expert I prefer strncpy - OK I admit strlen seeks
> for a '\0' and thus it might look equal at first view, but feel
> free to try the difference with and without this part of the
> patch (check out from SVN might help you seeing the difference).

Sorry, I have no time to dig into this further as I'm moving
to a new house on Monday :)

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.