Subject: Re: converters/xlreader vulnerability fix
To: Curt Sampson <email@example.com>
From: Adrian Portelli <adrianp@NetBSD.org>
Date: 05/29/2005 00:44:47
Curt Sampson wrote:
> On Mon, 9 May 2005, Jeremy C. Reed wrote:
>> (I assume nb0 means no PKGREVISION was defined or was it really set to
> It was not defined.
Sorry for taking so long to respond I missed this thread.
You can find the sample exploit here:
I couldn't reproduce it on NetBSD with 0.90 and _without_ your patch.