A bug in CVS versions up to and including 1.11.4 was recently found
where, under certain conditions, a pointer is free()'d, and then
free()'d again without being re-initialised.
The reports with regard to the exploitability of the condition in
question range from -
"it is a classical exploitable...