Gordon Messmer wrote: > On 11/23/2009 08:37 PM, Les Mikesell wrote: >> Wasn't the last bug found and fixed 5 or 6 years ago? >> > > No. Earlier this year there was a heap overflow found that may allow > arbitrary code execution: > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1490 > Err, not exactly, it was a bug, but the result would have been some part of the header ending up in the body: https://bugzilla.redhat.com/show_bug.cgi?id=499252#c18 -- Les Mikesell lesmikesell at gmail.com