[xml/sgml-pkgs] Bug#493162: Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]

Mike Hommey mh at glandium.org
Fri Aug 1 08:24:38 UTC 2008


On Fri, Aug 01, 2008 at 10:19:32AM +0200, Thijs Kinkhorst <thijs at debian.org> wrote:
> On Friday 1 August 2008 10:09, you wrote:
> > On Fri, Aug 01, 2008 at 09:11:05AM +0200, Thijs Kinkhorst <thijs at debian.org> wrote:
> > > tags 493162 patch
> > > thanks
> >
> > Wouldn't a lot of the strings in this patch be better off allocated
> > on the stack?
> 
> Sorry, I should have made it clearer that I was just forwarding information we 
> got through vendor-sec and that has been applied to the upstream repository. 
> I've got no personal involvement with it.

If that's what has been applied in upstream, then I'm not surprised.
Upstream likes to use heap.

Mike




