Package: reiser4progs
Version: 1.0.8-1
Severity: normal

Dear Maintainer,

A buffer overflow vulnerability is easily exploitable in the --override 
argument in measurefs.reiser4.

POC:

/sbin/measurefs.reiser4 
--overrid=======================================================================================================================================================================================================================================================================================================================================================
 A

In jessie/sid, the stack protection will stop the execution. But in Debian 
Wheezy, it will be easily exploitable. This testcase was made to work in both 
versions of Debian since the issue is present in 1.0.7-6.3 and 1.0.8-1.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (x86_64)

ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages reiser4progs depends on:
ii  libc6     2.17-93
ii  libuuid1  2.20.1-5.5

reiser4progs recommends no packages.

reiser4progs suggests no packages.

-- debconf information excluded
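
The report does not show the affected code, so the following is an added C example, not code from reiser4progs or from the reporter: a length-checked way to collect an option value such as `--override` into a fixed-size buffer, rejecting input that does not fit. It assumes the value is accumulated into a stack buffer; `append_override`, `OVERRIDE_MAX` and the sample arguments are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define OVERRIDE_MAX 256   /* assumed capacity, not taken from reiser4progs */

/* Append one option value plus a ',' separator to buf (capacity cap).
 * Returns 0 on success, -1 if the value does not fit or buf is not
 * NUL-terminated. On failure buf is left unchanged, so the caller can
 * print a usage error and exit instead of writing past the buffer. */
int append_override(char *buf, size_t cap, const char *arg)
{
    const char *end = memchr(buf, '\0', cap);
    size_t used, need;

    if (end == NULL)
        return -1;
    used = (size_t)(end - buf);
    need = strlen(arg) + 1;              /* value + ',' */
    if (need >= cap - used)              /* keep one byte for the NUL */
        return -1;
    memcpy(buf + used, arg, need - 1);
    buf[used + need - 1] = ',';
    buf[used + need] = '\0';
    return 0;
}

int main(void)
{
    char override[OVERRIDE_MAX] = "";
    char long_arg[1024];                 /* constructed oversized input */

    memset(long_arg, '=', sizeof long_arg - 1);
    long_arg[sizeof long_arg - 1] = '\0';

    if (append_override(override, sizeof override, "name=value") != 0)
        return 1;
    if (append_override(override, sizeof override, long_arg) != 0)
        fprintf(stderr, "--override value too long (%zu bytes), rejected\n",
                strlen(long_arg));
    printf("accepted: %s\n", override);
    return 0;
}
```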

