kdepim buffers patch

Adriaan de Groot groot at kde.org
Mon Jan 3 09:15:55 GMT 2005


[CC to -pim, where the people to whom these patches apply really live.]

On Friday 31 December 2004 21:44, Steve G wrote:
> libical/src/libical/icaltime.c This is not exploitable as it writes to the
> heap in a formatted way. It *will* crash korganizer. 26 bytes are needed as
> a minimum according to ctime man page.

All the ical patches look ok, but there's one caveat: libical is a big chunk 
of source from elsewhere which is in an odd state of maintainership. Every 
time someone wants to patch libical, the question of whether to merge 
upstream (or to import a newer version of the upstream lib) is raised.

As for the holidays patch (which you didn't describe), I think that code is 
gone entirely from ... no, it's moved to elsewhere. Looks good as well.


-- 
Don't worry, 't ain't no shame to be stupid - ol' mouse.
    GPG: FEA2 A3FE Adriaan de Groot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050103/d9a00d28/attachment.sig>
-------------- next part --------------
_______________________________________________
kde-pim mailing list
kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
kde-pim home page at http://pim.kde.org/


More information about the kde-core-devel mailing list