Kenneth Porter writes:
> --On Saturday, June 04, 2005 4:46 PM -0400 Sam Varshavchik <mrsam@xxxxxxxxxxxxxxx> wrote:
>
> > A minor update. Upon further investigation one of the bugs turned into an illegal out-of-bounds memory access, which, I guess makes it a security issue.
> > Any hostile server could now potentially cause any libwww client to segfault, from the looks of things. This includes the LWP module. What a gawdawful mess?
> > The function which is responsible for this mess is beyond hope, and must be rewritten.
>
> I don't see the issues listed here:
> <https://bugzilla.redhat.com/bugzilla/buglist.cgi?component=w3c-libwww>
> You might want to file new entries for these.

This needs to be fixed upstream, not just in Fedora. Besides, nobody's going to take a patch that pretty much replaces an entire function, at least not until it's accepted upstream. I'm trying to get ahold of someone. I'll put something into Bugzilla once they agree with my patch and commit it. Then I can file a bug documenting the commit and asking for an interim errata.