|
Message-ID: <1328117400.27034.2.camel@scapa>
Date: Wed, 01 Feb 2012 18:30:00 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request (two ids) -- Xchat-WDK (prior
1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based
buffer overflow by processing UTF-8 line from server containing characters
outside BMP
On mer., 2012-02-01 at 13:53 +0100, Berke Viktor wrote:
> Hello,
>
> Here are my notes:
>
> - Apparently only Windows versions are affected, no Linux ones. I
> haven't tested Maemo but I'd be suprised if it would crash.
> - Not all non-BMP characters crash, only a specific range. See the
> patch
> you linked for details.
It did crash Maemo clients, that's where the report came from.
--
Yves-Alexis
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.