[Secure-testing-team] Re: ekg: Bug#318970 - possibly remotely
exploitable integer overflow
Martin Schulze
joey at infodrom.org
Tue Jul 19 05:29:44 UTC 2005
Marcin Owsiany wrote:
> This is different from the bugs fixed in DSA-760.
> Present in both 1.5+20050712+1.6rc2-1 (testing/sid) and 1.5+20050411-3
> (sarge) and 1.5+20050411-4 (sarge-security).
> ekg is not present in oldstable (woody)
>
> This time there is only one debian bug, for stable and sid versions
> together. We'll see how the BTS version tracking copes with this :)
>
> Fixed in:
> - upstream 1.6rc3 (released on 2005-07-18)
> Going to be fixed in:
> - 1.5+20050411-5 (interdiff to -4 attached, changelog needs editing -
> requesting CAN number from Debian security team)
> Other than that, the upload is in
> deb http://people.debian.org/~porridge/ekg-sarge/ ./
> - 1.5+20050718+1.6rc3-1
> I will upload this as soon as I have the CAN number.
>
> Stable security team: please edit the CAN number in changelog in package
> at the above URL and make the upload.
>
> Testing security team: I will upload to sid as soon as I get the CAN
> number.
Ok, make this CAN-2005-1852.
The usual correction would be
count >= UINT_MAX / sizeof(uin_t) --> bail out
count > 0xffff should catch that case, so the correction is fine.
Regards,
Joey
--
Whenever you meet yourself you're in a time loop or in front of a mirror.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050719/3e162db2/attachment.pgp
More information about the Secure-testing-team
mailing list