[emboss-dev] [Fwd: Re: PHYLIP code]
Guy Bottu
gbottu at vub.ac.be
Wed Oct 10 10:24:50 UTC 2007
Dear Peter, dear Alan,
I had some Email exchange with Joe Felsenstein, the author of PHYLIP, and this
yielded me the following certainly interesting information:
- the e... programs from the old version contain a dangerous bug that makes them
vulnerable to buffer overflow attacks
- the f... programs might have code that is not up-to-date, since there is now
already a PHYLIP version 3.67
Regards,
Guy Bottu,
BEN
-------- Original Message --------
Subject: Re: The MUSCLE mystery
Date: Tue, 9 Oct 2007 09:43:17 -0700
From: Joe Felsenstein <joe at gs.washington.edu>
To: Guy Bottu <gbottu at vub.ac.be>
References: <470BA9AC.60802 at vub.ac.be>
<20071008195913.GD31764 at gs.washington.edu> <470C5D3F.7020908 at vub.ac.be>
Guy --
> They did upgrade. The old version with programs ednapars, etc. based on
> PHYLIP 3.57c is still in the "old" directory of their ftp server, but
> they now have a new version with programs fdnapars, etc. based on PHYLIP
> 3.6b. This appeared with EMBOSS version 3.0.0 already some time ago and
> I am afraid they still have code based on the beta version of PHYLIP
> 3.6 ; indeed the header of the files reads
> /* version 3.6 (c) Copyright 1993-2002 by the University of Washington.
> ...
Thanks, I am relieved. The old code was using the "gets" function that
is deprecated because it was subject to a buffer overflow.
It is too bad they can't be more up-to-date. I guess they have to do too
much surgery on my code to routinely update it. But at least they aren't
putting out code that can be attacked with a buffer overflow.
J.F.
----
Joe Felsenstein joe at gs.washington.edu
Department of Genome Sciences and Department of Biology,
University of Washington, Box 355065, Seattle, WA 98195-5065 USA
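
An added illustration of the bug class mentioned in the message above (not part of the original email, and not PHYLIP or EMBOSS code): `gets` takes no length argument, so the usual replacement is a bounded reader built on `fgets` that also deals with overlong lines. The name `read_line`, the status enum and the sample input are constructed for this example.

```c
/* Added example: bounded replacement for gets(); all names are hypothetical. */
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Unsafe pattern: char buf[8]; gets(buf);  -- gets() cannot know buf's size,
   so any line longer than 7 bytes writes past the end of buf. */

/* Read one line into buf (cap bytes including the NUL), dropping the newline.
   An overlong line is cut to cap-1 bytes and its remainder is discarded, so
   the next call starts on the next line instead of mid-line. */
enum line_status read_line(FILE *fp, char *buf, size_t cap)
{
    int n = cap > INT_MAX ? INT_MAX : (int)cap;
    if (n == 0)
        return LINE_EOF;                 /* no room to store anything */
    if (fgets(buf, n, fp) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline stored: last line of the file, exact fit, or too long. */
    int c = getc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;
    while ((c = getc(fp)) != EOF && c != '\n')
        ;                                /* drain the rest of the long line */
    return LINE_TRUNCATED;
}

int main(void)
{
    FILE *fp = tmpfile();                /* constructed sample input */
    if (fp == NULL)
        return 1;
    fputs("dnapars\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nY\n", fp);
    rewind(fp);
    char buf[8];
    enum line_status st;
    while ((st = read_line(fp, buf, sizeof buf)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_OK ? "ok" : "truncated", buf);
    fclose(fp);
    return 0;
}
```

Callers should treat `LINE_TRUNCATED` as an input error instead of silently using the shortened value.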