ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
seanegan at gmail.com
Wed Jul 2 14:47:54 EDT 2008
On Thu, Jun 26, 2008 at 10:51 AM, Josh Bressers <bressers at redhat.com> wrote:
> On 26 June 2008, Richard Laager wrote:
>> On Thu, 2008-06-26 at 12:14 -0500, Mark Doliner wrote:
>> > I think the vulnerability is valid, but I think our fix needs to make sur=
>> > we're not wrapping back to 0.
>> Any idea on the right way to do that?
> Look at this:
> The whole guide is quite good.
I just discovered http://code.google.com/p/safe-iop/ which is derived
from that guide. It may be useful to include it.
More information about the Packagers