[VIM] Hyper Estraier
security curmudgeon
jericho at attrition.org
Fri Jul 21 18:38:47 EDT 2006
Secunia (21049) & CVE (2006-3671) reported a CSRF vuln in Hyper Estraier.
Information came from the following changelog:
http://sourceforge.net/project/shownotes.php?release_id=432119
2006-07-13 Mikio Hirabayashi <mikio at users.sourceforge.net>
* estmaster.c (communicate): a CSRF vulnerability was cleared.
--
However, a few more entries stand out:
* estmaster.c (sendnodecmdsearch): a bug of race condition was fixed.
* estnode.c (est_get_host_addr): a bug about race confition of threads
was fixed.
* estnode.c (est_url_shuttle_impl): a bug of memory leak was fixed.
* estraier.c (est_idx_size): a bug about overflow was fixed.
The two race conditions are too vague for creating an entry solely off the
above text, in my opinion. "memory leak" is always iffy as it could be
anything from a slow exhaustion of resources to disclosure of information.
But typically an overflow is worth pointing out.