Re: RSAREF2 buffer overflow?

To: Bill Sommerfeld <sommerfeld%orchard.arlington.ma.us@localhost>
Subject: Re: RSAREF2 buffer overflow?
From: David Brownlee <abs%netbsd.org@localhost>
Date: Tue, 14 Dec 1999 21:29:17 +0000 (GMT)

On Tue, 14 Dec 1999, Bill Sommerfeld wrote:

> > I know this doesn't apply to those outside the US [1], but the
> > NetBSD-specific section in the recent CERT advisory regarding buffer
> > overflows in RSAREF2 says basically "we advise recompiling things to not
> > use RSAREF2."  What about those of us who (for legal or other reasons)
> > don't have the option?
> 
> This looks like the result of a left hand vs. right hand disconnect.
> Patches for this problem were checked into pkgsrc on december 2nd.
> 
> > should I send-pr this?
> 
> No, it's already fixed..  too bad it's too late to fix the advisory.

        Can someone either put something up on the website to this effect,
        give me the appropriate text, or point me at the person whom I
        should bug.


                David/absolute

Follow-Ups:
- Re: RSAREF2 buffer overflow?
  - From: Bill Sommerfeld

References:
- Re: RSAREF2 buffer overflow?
  - From: Bill Sommerfeld

Prev by Date: Re: RSAREF2 buffer overflow?
Next by Date: Re: RSAREF2 buffer overflow?
Previous by Thread: Re: RSAREF2 buffer overflow?
Next by Thread: Re: RSAREF2 buffer overflow?
Indexes:

Home | Main Index | Thread Index | Old Index