mailing list archives
Re: [MSY] S(ecure)Locate heap corruption vulnerability
From: Seth Arnold <sarnold () WILLAMETTE EDU>
Date: Tue, 28 Nov 2000 13:29:10 -0800
* Michal Zalewski <lcamtuf () dione ids pl> [001128 13:14]:
I am impressed it hasn't been fixed yet. Amazing.
Quoting from: http://www.geekreview.org/slocate/
Changes v2.2: Fixed a segfault. If the environment variable
LOCATE_PATH had an invalid slocate.db file path, slocate could
segfault. Proper checking now takes place to fix this.
I think this was fixed 00/06/22 -- but I am not entirely clear on how
the dates line up with the versions mentioned. (And no, I don't know if
the fix managed to break other items..)
In the past, Kevin was very friendly and helpful when I contacted him.
Unless that has changed I think getting fixes into new versions is
pretty easy. :)
``Oh Lord; Ooh you are so big; So absolutely huge; Gosh we're all
really impressed down here, I can tell you.''