[Secure-testing-team] Bug#340177: cscope: fix for CVE-2004-2541:
"buffer overflows in parsing file names from #include statements"
Alec Berryman
alec at thened.net
Mon May 15 13:18:01 UTC 2006
Package: cscope
Version: 15.5+cvs20050816-1
Followup-For: Bug #340177
Upstream appears to have stalled on this issue because some cscope
target platforms do not have snprintf(). Debian has snprintf(), so
this is not a problem for us.

The attached patch CVE-2004-2541.diff converts sprintf() calls to
snprintf(). It applies and compiles, and when patched, cscope no longer
segfaults when examining the attached CVE-2004-2541-test.c.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.16-alec-laptop
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages cscope depends on:
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libncurses5 5.5-2 Shared libraries for terminal hand
cscope recommends no packages.
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2004-2541.diff
Type: text/x-c
Size: 10312 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060515/7614fc5a/CVE-2004-2541.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2004-2541-test.c
Type: text/x-c
Size: 1552 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060515/7614fc5a/CVE-2004-2541-test.bin
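
The sprintf() to snprintf() conversion described in the message, as an added example; it is not the attached patch and not cscope's code. The function names, the 64-byte buffer and the sample paths are assumptions made for illustration, and the example also checks snprintf()'s return value so that a truncated path is rejected rather than used.

```c
#include <stdio.h>
#include <string.h>

#define PATHBUF 64  /* assumed size; small so the constructed input exceeds it */

/* "Before" pattern, for contrast:
 *     sprintf(out, "%s/%s", dir, name);
 * sprintf() writes as many bytes as dir and name require, whatever the
 * size of out, so a long file name runs past the end of the buffer.
 *
 * "After" pattern: snprintf() writes at most outlen bytes and always
 * NUL-terminates when outlen > 0. It returns the length the complete
 * string would have had, so ret >= outlen means the output was cut short.
 * Returns 0 on success, -1 on encoding error or truncation. */
int join_bounded(char *out, size_t outlen, const char *dir, const char *name)
{
    int ret = snprintf(out, outlen, "%s/%s", dir, name);
    if (ret < 0 || (size_t)ret >= outlen) {
        if (outlen > 0)
            out[0] = '\0';   /* never hand a truncated path to the caller */
        return -1;
    }
    return 0;
}

/* Constructed input: a 200-byte file name such as an #include line
 * could carry. Returns the result of join_bounded(). */
int try_long_include(void)
{
    char name[201];
    char path[PATHBUF];
    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    return join_bounded(path, sizeof path, "/usr/include", name);
}

/* Constructed input: an ordinary header name that fits. */
int try_normal_include(char *path, size_t pathlen)
{
    return join_bounded(path, pathlen, "/usr/include", "stdio.h");
}

int main(void)
{
    char path[PATHBUF];
    printf("long name:   %d\n", try_long_include());
    printf("normal name: %d (%s)\n", try_normal_include(path, sizeof path), path);
    return 0;
}
```

Replacing sprintf() with snprintf() stops the out-of-bounds write, but a silently truncated path can still name the wrong file, which is why the return value is checked here.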