Hi Chong,

* Chong Yidong [2008-01-10 16:29]:
> > I had a quick look at the pop.c code today and found some
> > issues.
> >
> > In pop_stat:
> >
> > If I don't miss anything the atoi call in 380 is not safe as it is not
> > safe because it is not ensured that &fromserver[4] is not NULL. A crafted
> > pop3 server could thus crash emacs. This is of course not a real issue but
> > wouldn't be nice. Same for the pop_last function.
> >
> > In pop_list:
> >
> > in 441 and 442 there should be some check for how_many to prevent an integer
> > overflow here.
>
> Fixed.  Thanks for pointing these out.

What do you think about requesting a CVE id for this?

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
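
The two kinds of check discussed in this mail (validating a server reply before converting its numeric fields, and bounding a server-supplied count before it is used for an allocation), as an added example that is not code from pop.c or from anyone in this thread. The names `parse_field`, `parse_stat_reply`, `alloc_id_list` and the limit `MAX_MESSAGES` are hypothetical, and the reply layout `+OK <count> <size>` is assumed.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MESSAGES 1000000   /* hypothetical policy cap, not from pop.c */

/* Parse one non-negative int field; returns 0 and advances *p on success. */
static int parse_field(const char **p, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(*p, &end, 10);
    if (end == *p || errno == ERANGE || v < 0 || v > INT_MAX)
        return -1;              /* no digits, overflow, or negative */
    *out = (int) v;
    *p = end;
    return 0;
}

/* Parse a STAT-style reply "+OK <count> <size>"; -1 on malformed input. */
int parse_stat_reply(const char *reply, int *count, int *size)
{
    const char *p;

    /* strncmp stops at the terminator, so a short reply is never indexed
       past its end before the numeric fields are read. */
    if (reply == NULL || strncmp(reply, "+OK ", 4) != 0)
        return -1;
    p = reply + 4;
    if (parse_field(&p, count) != 0 || *p != ' ')
        return -1;
    p++;
    if (parse_field(&p, size) != 0)
        return -1;
    return (*p == '\0' || *p == '\r' || *p == '\n') ? 0 : -1;
}

/* Allocate how_many + 1 ints; reject counts a server should never send. */
int *alloc_id_list(int how_many)
{
    if (how_many < 0 || how_many > MAX_MESSAGES)
        return NULL;            /* bounds how_many before any size arithmetic */
    return calloc((size_t) how_many + 1, sizeof(int));
}
```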