|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability
From: Adam Back (adam
cypherspace.org)
Date: Thu Apr 07 2005 - 00:19:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In-Reply-To: <87r7irrzne.fsfevinrude.uhoreg.ca>
Hi
Two notes:
- the format string security bug is now fixed in hashcash-1.17
- Hubert is correct that the bug was not in hashcash-1.13, it was introduced in hashcash 1.14
Cheers
Adam
>Just to note, version 1.13 of hashcash (incidentally, the version that's
>in Debian testing) doesn't seem to be vulnerable, as it doesn't contain
>the buggy line that Travis found. I'm not sure exactly when the bug was
>introduced.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]