Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability

[Adam Back <adam () cypherspace org>]

In-Reply-To: <87r7irrzne.fsf () evinrude uhoreg ca>

Hi

Two notes:

- the format string security bug is now fixed in hashcash-1.17

- Hubert is correct that the bug was not in hashcash-1.13, it was introduced in hashcash 1.14

Cheers

Adam

> Just to note, version 1.13 of hashcash (incidentally, the version that's
> in Debian testing) doesn't seem to be vulnerable, as it doesn't contain
> the buggy line that Travis found.  I'm not sure exactly when the bug was
> introduced.