Package: gnome-vfs2
Severity: grave
Tags: security patch
Justification: user security hole

[ Dear security team; this seems to affect stable as well ]

CAN-2005-0706 describes a buffer overflow in grip CDDB response parsing that can potentially be exploited to execute arbitrary code. gnome-vfs2 contains the vulnerable code as well. Attached you can find a patch, similar to how it has been patched for grip.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

diff -Naur gnome-vfs2-2.8.4.orig/modules/cdda-cddb.c gnome-vfs2-2.8.4/modules/cdda-cddb.c --- gnome-vfs2-2.8.4.orig/modules/cdda-cddb.c 2004-07-25 17:40:35.000000000 +0200 +++ gnome-vfs2-2.8.4/modules/cdda-cddb.c 2005-04-17 21:11:26.000000000 +0200 @@ -440,7 +440,7 @@ query->query_match=MATCH_INEXACT; query->query_matches=0; - while(!CDDBReadLine(socket,inbuffer,256)) { + while(query->query_matches < MAX_INEXACT_MATCHES && !CDDBReadLine(socket,inbuffer,256)) { query->query_list[query->query_matches].list_genre= CDDBGenreValue(ChopWhite(strtok(inbuffer," ")));
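
Review bot: in the `while` condition at line 440 of modules/cdda-cddb.c, the new `query->query_matches < MAX_INEXACT_MATCHES` test is evaluated before `CDDBReadLine`, so once the cap is reached the loop exits without reading any further and the rest of the server's inexact-match list stays unread on the socket. Any later read on that connection could then see leftover list lines rather than the reply it expects. Consider continuing to call `CDDBReadLine` and discarding the lines until it signals the end of the list, storing entries in `query_list` only while below the cap. It is also worth confirming that `MAX_INEXACT_MATCHES` equals the declared size of `query_list`, since its definition is not visible in this hunk, and checking the result of `strtok(inbuffer," ")` before it reaches `ChopWhite`, because a response line with no token makes `strtok` return NULL.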