search for: jinmei

...pty string in secure_filename(), but I'm not sure if this is the correct fix. We might rather use the shared dirname() in openbsd-compat/dirname.c. So I've not included the quick hack for now. I'd apologize in advance if this is a well-known issue and/or has already been fixed. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei at isl.rdc.toshiba.co.jp p.s. I don't subscribe to the list, so if anyone of you need further information or questions on this issue, please include me in the response explicitly. Thanks. *** au...

Good day. Just spotted the new advisory from CORE: http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code. Robert, anyone, could you please check? Thank you. -- Eygene

...r code. >> >> Robert, anyone, could you please check? > > Eygene, > > Sorry for the delayed response on this -- I've only just returned > from Tokyo > in the last day and am significantly behind in e-mail from the trip. > > According to a source analysis by Jinmei, we are not vulnerable, > but I will > continue tracking the thread. Apparently this vulnerability > involved an issue > in the handling of M_EXT, and our implementation of clusters differs > significantly from OpenBSD, so it seems likely we are not > affected. If we >...