Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability
From: Adam Back <adam@xxxxxxxxxxxxxxx>
Date: 7 Apr 2005 05:19:30 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <87r7irrzne.fsf@xxxxxxxxxxxxxxxxxx>

Hi

Two notes:

- the format string security bug is now fixed in hashcash-1.17

- Hubert is correct that the bug was not in hashcash-1.13, it was introduced in 
hashcash 1.14

Cheers

Adam

>Just to note, version 1.13 of hashcash (incidentally, the version that's
>in Debian testing) doesn't seem to be vulnerable, as it doesn't contain
>the buggy line that Travis found.  I'm not sure exactly when the bug was
>introduced.

Prev by Date: [ GLSA 200504-06 ] sharutils: Insecure temporary file creation
Next by Date: [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability
Previous by thread: Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability
Next by thread: [FLSA-2005:1748] Updated subversion packages fix security issues
Index(es):
- Date
- Thread