On Wed, Apr 20, 2005 at 05:43:25PM +0200, Ulf Harnhammar wrote:
> Hello,
>
> I failed concentrating on my university essay ;) I've done some work on it, but I've
> also audited more stuff, resulting in DSA-700 and DSA-706. Number 700 is an XSS bug
> in mailreader, that occurs because it uses spaces at the end of tags to signify that
> they're OK but it forgets to remove tags that come in from the network with spaces
> at the end. Number 706 is a stack-based remote buffer overflow in axel when handling
> redirects. (More details can be found in my Advogato diary at
> http://advogato.org/person/metaur/ .) Neither mailreader nor axel look especially secure,
> so I'm sure someone who spends more time auditing them will find other vulnerabilities.
Added to the list in the website.
> I have also found and filed some bugs:
>
> #302273 (format strings cause crashes in didiwiki)
> #302454 (trackballs follows symlinks as gid games)
> #304525 (ilohamail has multiple XSS bugs)
> #305255 (gzip (!!) has a directory traversal bug when using "gunzip -N")
Added too.
> The new OpenBSD song is out now BTW ;)
:-)
Regards
Javier