The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FWD: Buffer overflow in sperl5.003

To: Dan Stromberg <strombrg@hydra.acs.uci.edu>
Subject: Re: FWD: Buffer overflow in sperl5.003
From: "Darren/Torin/Who Ever..." <torin@daft.com>
Date: 18 Apr 1997 17:16:59 -0700
Cc: debian-private@lists.debian.org, security@debian.org
In-reply-to: Dan Stromberg's message of Fri, 18 Apr 1997 12:59:16 -0700
Organization: Discordian Alliance For Teaching
References: <19970418140418.41234@kite.ml.org> <3357D294.474E@hydra.acs.uci.edu>
Resent-cc: recipient list not shown: ;
Resent-date: 19 Apr 1997 01:15:50 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"L7QBr.0.J82.5p1Mp"@debian>
Resent-sender: debian-private-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----

Here's an issue.  I can fix this specific buffer overflow problem in
perl 5.003.07 this weekend.  The fix has had only cursory checks; I'll
do more in a bit.

There is work afoot to find all the possible buffer overruns in the
suidperl code and get rid of them.  That *won't* be easily portable back
to 5.003.07 and would require us to go to perl 5.003.98 (or 5.004) while
frozen.

I would be reluctant to go with that latter option since some things
would probably break but then there is the issue of put out suidperl
with potential for further buffer overruns.

What do the folks here think?

Darren
- -- 
<torin@daft.com> <http://www.daft.com/~torin> <torin@debian.org> <torin@io.com>
Darren Stalder/2608 Second Ave, @282/Seattle, WA 98121-1212/USA/+1-800-921-4996
@ Do you have your clothes on? I probably don't. Take yours off. Feel better. @
@ Sysadmin, webweaver, postmaster for hire.  C/Perl/CGI programmer and tutor. @

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBM1gOwo4wrq++1Ls5AQGB5AP+IYjvoVM+/zYB7w4fsigjthhSXFJ3W8hT
g34PtdLAJMMfjs+QDrJrwlUkO0zi/9LAc1Ph4CSLeoMZO9yEUDLc316P4aMZ9C4G
ZzMa/+SQCgCgLAKiRpzHqr0OAOV/ClGfi3OCphIHjdWeKaIu1ixHEIZ5CJq7X/bA
bejwOGA4BgQ=
=+2ys
-----END PGP SIGNATURE-----


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Follow-Ups:
- Re: FWD: Buffer overflow in sperl5.003
  - From: Rob Browning <osiris@cs.utexas.edu>

References:
- FWD: Buffer overflow in sperl5.003
  - From: Joey Hess <joey@kite.ml.org>
- Re: FWD: Buffer overflow in sperl5.003
  - From: Dan Stromberg <strombrg@hydra.acs.uci.edu>

Prev by Date: Re: FWD: Buffer overflow in sperl5.003
Next by Date: Re: FWD: Buffer overflow in sperl5.003
Previous by thread: Re: FWD: Buffer overflow in sperl5.003
Next by thread: Re: FWD: Buffer overflow in sperl5.003
Index(es):
- Date
- Thread