Eggdev: [PATCH] CVE-2007-2807: stack-based buffer overflow

Will Buckner wcc at
Wed Oct 17 01:48:47 CST 2007


Extremely sorry for the late response. Your e-mail got caught up in our 
mailing list approval queue :) Thanks for the patch; it has been 
committed (with slight modifications) to CVS for Eggdrop 1.6.19.

The only modifications I made were to use some of our macros for 
snprintf/strncpy (egg_snprintf() and strncpyz() respectively). We have a 
compatibility layer for systems that don't support snprintf(), and we 
use strncpyz() in most places to replace strncpy().

Thanks again!

Nico Golde wrote:
> Hi,
> I wrote a patch to fix 
> but since I am no eggdrop user I have problems testing it, I 
> have no idea how to use eggdrop and I am too lazy to learn 
> :)
> The patch is attached, can you please state if it should 
> work or not?
> Please Cc me, I am not subscribed.
> Kind regards
> Nico

More information about the Eggdev mailing list