tech-crypto archive


Re: RSAREF2 buffer overflow?



> apologies if this is the wrong list, but tech-security looks like it's
> been dead for almost six months...
> 
> I know this doesn't apply to those outside the US [1], but the
> NetBSD-specific section in the recent CERT advisory regarding buffer
> overflows in RSAREF2 says basically "we advise recompiling things to not
> use RSAREF2."  What about those of us who (for legal or other reasons)
> don't have the option?

This looks like the result of a left hand vs. right hand disconnect.
Patches for this problem were checked into pkgsrc on December 2nd.

> should I send-pr this?

No, it's already fixed..  too bad it's too late to fix the advisory.

                                        - Bill


