On Sun, Apr 17, 2005 at 09:19:32PM +0200, Moritz Muehlenhoff wrote:
> [ Dear security team; this seems to affect stable as well ]
>
> CAN-2005-0706 describes a buffer overflow in grip CDDB response parsing that
> can potentially be exploited to execute arbitrary code.
>
> gnome-vfs2 contains the vulnerable code as well. Attached you can find
> a patch like it has been patched for grip.

Fixed in gnome-vfs by means of NMU. Patch:

diff -u gnome-vfs-1.0.5/debian/changelog gnome-vfs-1.0.5/debian/changelog
--- gnome-vfs-1.0.5/debian/changelog
+++ gnome-vfs-1.0.5/debian/changelog
@@ -1,3 +1,11 @@
+gnome-vfs (1.0.5-5.1) unstable; urgency=high
+
+ * Non-Maintainer Upload
+ * Security: Fix buffer overflow in CDDB code (CAN-2005-0706, closes:
+ #305163)
+
+ -- Jeroen van Wolffelaar <[EMAIL PROTECTED]> Sat, 30 Apr 2005 23:52:50 +0200
+
gnome-vfs (1.0.5-5) unstable; urgency=low
* Gnome Team Upload.
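Review bot: The new 1.0.5-5.1 changelog entry says only "Fix buffer overflow in CDDB code", which does not tell an auditor what was changed. Naming the file touched (modules/cdda-cddb.c) and the nature of the fix (the inexact-match read loop is now bounded by MAX_INEXACT_MATCHES) would let someone reviewing the NMU, or backporting it to stable, match the entry to the code change without opening the diff.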
only in patch2:
unchanged:
--- gnome-vfs-1.0.5.orig/modules/cdda-cddb.c
+++ gnome-vfs-1.0.5/modules/cdda-cddb.c
@@ -339,7 +339,7 @@
query->query_match=MATCH_INEXACT;
query->query_matches=0;
- while(!CDDBReadLine(socket,inbuffer,256)) {
+ while(query->query_matches < MAX_INEXACT_MATCHES &&
!CDDBReadLine(socket,inbuffer,256)) {
query->query_list[query->query_matches].list_genre=
CDDBGenreValue(ChopWhite(strtok(inbuffer," ")));
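Review bot: In the new loop condition, once query->query_matches reaches MAX_INEXACT_MATCHES the && short-circuits and CDDBReadLine is no longer called, so any further match lines the server sends are left unread on the socket. If the same connection is read again after this loop, those leftover lines would be parsed as the reply to the next command; consider keeping the read in the loop and discarding lines past the limit until the response terminator, instead of exiting early. The bound is also only as good as the declaration of query_list, which this hunk does not show, so it is worth confirming that the array has exactly MAX_INEXACT_MATCHES elements. On the unchanged context line, strtok(inbuffer," ") returns NULL for an empty line and the result goes straight into ChopWhite; whether ChopWhite tolerates NULL is not visible here and should be checked while this parser is being hardened.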
--
Jeroen van Wolffelaar
[EMAIL PROTECTED]
http://jeroen.A-Eskwadraat.nl