Bug#497441: Bug#497649: Broken security patch for WordNet

Andreas Tille tillea at rki.de
Fri Sep 5 15:03:03 UTC 2008

On Fri, 5 Sep 2008, Nico Golde wrote:

> As far as I know this was part of the patch by oCert.

Well, who actually is oCert, i.e. how can I report problems with
their patches?

> However it's not a security fix but just a cleanup as both
> function calls are equal.

Well, apparently they are not.  If you include the patch, wordnet
fails to display synonyms.  I have no idea why.  And while I'm
no security expert I prefer strncpy - OK I admit strlen seeks
for a '\0' and thus it might look equal at first view, but feel
free to try the difference with and without this part of the
patch (a checkout from SVN might help you see the difference).

Kind regards
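
An added illustration of the disagreement above, not code from the original message or from the oCert patch: it assumes the disputed change swaps a call of the form strncpy(dst, src, strlen(src)) for strcpy(dst, src), which the message implies but does not show. The function names and sample strings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed "before" form: copies exactly strlen(src) bytes and appends
   no terminating '\0', so whatever followed in dst is left in place. */
static void copy_with_strncpy(char *dst, const char *src)
{
    strncpy(dst, src, strlen(src));
}

/* Assumed "after" form: copies strlen(src) bytes plus the '\0',
   which cuts dst off right after the copied text. */
static void copy_with_strcpy(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Returns 1 if both calls leave an identical buffer, 0 if they differ,
   -1 if the constructed inputs do not fit the 64-byte test buffers. */
static int calls_are_equal(const char *initial, const char *src)
{
    char a[64], b[64];

    if (strlen(initial) >= sizeof a || strlen(src) >= sizeof a)
        return -1;
    memset(a, 0, sizeof a);
    memset(b, 0, sizeof b);
    strcpy(a, initial);
    strcpy(b, initial);

    copy_with_strncpy(a, src);
    copy_with_strcpy(b, src);
    printf("strncpy: \"%s\"   strcpy: \"%s\"\n", a, b);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    /* Zero-filled destination: the two calls are indistinguishable. */
    printf("equal=%d\n", calls_are_equal("", "dog"));
    /* Destination already holds text: strcpy truncates it, strncpy
       only overwrites the first bytes and keeps the tail. */
    printf("equal=%d\n", calls_are_equal("synonyms of dog", "SYN"));
    return 0;
}
```

The two calls only match when the destination is already zero-filled past the copied bytes; code that relies on the old tail surviving changes behaviour when the call is swapped.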



