[DebianGIS-dev] Bug#523027: [oss-security] incorrect upstream fix for CVE-2009-0840 (mapserver)
Nico Golde
oss-security+ml at ngolde.de
Mon Jun 22 13:46:28 UTC 2009
Hi,
* Nico Golde <oss-security+ml at ngolde.de> [2009-06-22 15:45]:
[...]
> Unfortunately this doesn't fix the issue and I wonder why people always think
> changing signed types to unsigned will fix such errors.
> If I pass 0xffffffff as the content-length according to type conversion rules
> in C atoi() will convert this to -1 which is again converted to 0xffff when
0xffffffff^^
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20090622/832fc312/attachment.pgp>
More information about the Pkg-grass-devel
mailing list