[maemo-developers] IMPORTANT: vulnerability in Application Manager, please check your repositories

From: Andrew Flegg andrew at bleb.org
Date: Wed Oct 25 18:01:11 EEST 2006
On 10/25/06, Marius Vollmer <marius.vollmer at nokia.com> wrote:
>
> this is embarrassing: there is a buffer overflow in the Application
> Manager that is triggered when dealing with package icons that are
> larger than 2048 bytes after base64 decoding.

Oops. Thanks for the disclosure.

> The bug is present in all versions of osso-application-manager less
> than 4.36, except 4.22.1.  Version 4.36 will appear in Sardine
> soonish, and 4.22.1 will be in the next maintenance release of IT
> 2006.
>
[snip]

This now brings the question of an end-user roadmap back to the fore
with a vengeance. To put it bluntly, how long is Nokia going to leave
end users vulnerable to possible attacks? When *is* the next maintenance
release of IT 2006?

Cheers,

Andrew

-- 
Andrew Flegg -- mailto:andrew at bleb.org  |  http://www.bleb.org/
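
For repository maintainers acting on the quoted advisory, a check that lists packages whose icon exceeds 2048 bytes after base64 decoding. This is an added example, not part of the original thread or of Nokia's code; the `Maemo-Icon-26` field name is an assumption and the sample index is constructed.

```python
import base64
import binascii

ICON_FIELD = "Maemo-Icon-26"  # assumed control-field name, not stated in the thread
LIMIT = 2048                  # decoded size limit quoted in the advisory


def parse_stanzas(text):
    """Split Debian control-style text into dicts, joining continuation lines."""
    stanzas = []
    for block in text.strip().split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                fields[key] += line.strip()  # folded base64 line
            elif ":" in line:
                key, value = line.split(":", 1)
                fields[key] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas


def oversized_icons(text, limit=LIMIT):
    """Return (package, decoded_size); size is None when the base64 is malformed."""
    findings = []
    for stanza in parse_stanzas(text):
        b64 = stanza.get(ICON_FIELD)
        if not b64:
            continue
        try:
            size = len(base64.b64decode(b64, validate=True))
        except (binascii.Error, ValueError):
            size = None  # undecodable icon data also needs a manual look
        if size is None or size > limit:
            findings.append((stanza.get("Package", "?"), size))
    return findings


def _stanza(name, payload):
    """Build one constructed index entry with a folded base64 icon."""
    b64 = base64.b64encode(payload).decode()
    folded = "\n ".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"Package: {name}\nVersion: 1.0\n{ICON_FIELD}:\n {folded}\n"


# Constructed sample index: icons of 100, 2048 and 2049 decoded bytes.
SAMPLE = "\n".join(_stanza(n, b"\x00" * s) for n, s in
                   [("small-icon", 100), ("at-limit", 2048), ("too-big", 2049)])

if __name__ == "__main__":
    print(oversized_icons(SAMPLE))
```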
