Hi,
newly uploaded is
http://www.gnu.org/software/xorriso/xorriso-1.0.1.tar.gz
Steve, if you want to patch your copy of xorriso-0.6.7:
I only added the memset() call to the following function in
libisofs/ecma119.c :
static
int write_vol_desc_terminator(Ecma119Image *target)
{
int res;
uint8_t buf[BLOCK_SIZE];
struct ecma119_vol_desc_terminator *vol;
memset(buf, 0, BLOCK_SIZE);
vol = (struct ecma119_vol_desc_terminator *) buf;
vol->vol_desc_type[0] = 255;
memcpy(vol->std_identifier, "CD001", 5);
vol->vol_desc_version[0] = 1;
res = iso_write(target, buf, BLOCK_SIZE);
return res;
}
So the bug is due to uninitialized local memory. The illegal content
in the reserved field stems from the Joliet Volume Descriptor which
was written immediately before the Volume Set Terminator.
I will now examine how much risk there is for other data
to have sneaked in. If a substantial privacy problem seems likely,
then i will have to make an emergency release.
(Will also reply to Bug#610783. Bear with me. I am not very experienced
with Debian community ways.)
Have a nice day :)
Thomas
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
