Mailinglist Archive: opensuse-factory (1029 mails)

Re: [opensuse-factory] Re: Testing many small file write on several filesystems
On 11/5/2013 9:45 PM, Claudio Freire wrote:
> On Wed, Nov 6, 2013 at 1:13 AM, Linda Walsh <suse@xxxxxxxxx> wrote:
>> On 11/5/2013 7:44 PM, Claudio Freire wrote:
>>> On Tue, Nov 5, 2013 at 11:09 PM, Linda Walsh <suse@xxxxxxxxx> wrote:
>>>> No -- I assert that HTML is markup on text -- it isn't scripting -- but
>>>> it does the same thing that some readers do automatically.
>>>
>>> That's oh-so-naive
>>
>> ----
>> Could you elaborate? I'm talking HTML with no includes and no scripts --
>> i.e. the complete source in the text.
>
> https://www.google.com.ar/search?q=buffer+overflow+in+html+parser&ie=utf-8&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&gws_rd=cr&ei=Ntd5UqCJO5C_sQSFoIHgDw
>
> Google search, first try, first query that popped into my head.

-----------
You should have looked a bit deeper...

Nothing about an exploit, but you can find a similar list @:
https://www.google.com/search?q=buffer+overflow+in+text+parser
Or

https://www.google.com/search?q=buffer+overflow+in+text+email

Including buffer overflows in mutt -- a plaintext reader.

or this is a goodie:

CERT/CC Blog: *****Plain Text Email in Outlook Express*************
www.cert.org/blogs/certcc/.../plain_text_email_in_outlook_ex.html - Cached -
Similar
Nov 13, 2009 ... Reading email messages in plain text seems like a reasonable thing to ... cursor
stack buffer overflow vulnerability (VU#191609), I noticed that ...

So far you're helping me show more bugs in plain text emails than I would have
guessed... fascinating... so maybe text emails are more of a security risk
than HTML, due to people's implicit belief that plaintext emails can't contain
such problems so there is less checking?





