Wednesday, September 08, 2021

Re: mail/exim and printf("%n")

Jeremie Courreges-Anglas <jca@wxcvbn.org> wrote:

> On Wed, Sep 08 2021, Renaud Allard <renaud@allard.it> wrote:
>
> [...]
>
> > I discussed with exim guys and it seems they are quite reluctant at
> > modifying "correct C code".
>
> Even sprintf uses can be correct, it doesn't mean that people should use it.

the exim people talking about "correct C code", in the context of
security risk from %n landing in format strings.

So we patch it locally, and wait for them to learn a lesson on systems
which continue supporting %n.
