[Pkg-erlang-devel] Bug report on erlang-odbc: odbcserver crashes with exit status 139
Alexandre Rebert
alexandre at cmu.edu
Thu Jun 27 16:38:27 UTC 2013
Hi Sergei,
On Thu, Jun 27, 2013 at 12:52 AM, Sergei Golovan <sgolovan at debian.org> wrote:
> Though I think that this bug is not very serious and certainly can't
> cause a security problem. The odbcserver binary is not suid or sgid
> and never meant to be executed in uncontrolled environment. The odbc
> Erlang code always correctly passes string "<some integer>;<another
> integer>\0" to odbcserver's stdin, so I don't know how to trigger this
> crash other than run the binary by hands.
That's a good point, and it looks like a majority of the crashes have
little security implications. The security tags will be removed before
submitting the report, unless advised otherwise by the package
maintainers.
> BTW, pkg-erlang-devel at lists.alioth.debian.org is a publicly available
> mailing list, so, this report can be already considered disclosed.
I realize only now that many emails (about 20% in our case), that are
listed as package maintainers, are public mailing lists. That's
unfortunate, but hopefully most reported bugs will not be security
critical.
Thanks,
Alex
More information about the Pkg-erlang-devel
mailing list