Your message dated Thu, 11 Sep 2008 11:32:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#497835: fixed in gmanedit 0.4.1-1.1
has caused the Debian Bug report #497835,
regarding gmanedit: CVE-2008-3971 buffer overflow when converting manpage to utf8
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
497835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: gmanedit
Version: 0.4.1-1
Severity: important
Tags: security
Hi,
Gmanedit includes several buffer overflows. It needs to be audited
seriously; user input is never checked. Here are the ones I found:
* Launch the wizard, click all the boxes, complete the wizard. Check
  for "cad[512]" in the source, it's where the problem is, it should
  be increased; it fixes the problem, but it's ugly.
* Launch the wizard, type a very long line in title or name of the
  manpage. At first the UI doesn't limit the number of characters
  you can enter, then the code handles it badly.
* Open preferences, flood the inputbox.
* Same as above, but this time it comes from the rc file. Just fill
  the "COMMAND=" parameters with a lot of characters.
* Fill the editor with a 200kb file, then try to see the man ("view
  created page").
Maybe there are some others, so it needs a good audit. I don't send a
patch, because I can't fix properly, but don't hesitate to ask me
more if you need.
Regards,
--- End Message ---
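The report above says that an over-long "COMMAND=" value in the rc file overflows a fixed buffer and that enlarging "cad[512]" only hides the problem. The following C sketch is an added example, not code from gmanedit or from the Debian patch: it measures the value first and rejects it when it does not fit. The function names and the CMD_MAX constant are hypothetical; only the 512-byte size and the "COMMAND=" key come from the report.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 512  /* assumption: reuses the size of the cad[512] buffer in the report */

/* Hypothetical helper: copy the value of a "COMMAND=" rc-file line into
 * out[outsz]. Returns 0 on success, -1 if the line is not a COMMAND= entry,
 * -2 if the value does not fit (rejected instead of overflowing or truncating). */
int parse_command_line(const char *line, char *out, size_t outsz)
{
    static const char key[] = "COMMAND=";
    size_t klen = sizeof key - 1;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (line == NULL || strncmp(line, key, klen) != 0)
        return -1;

    const char *val = line + klen;
    size_t vlen = strcspn(val, "\r\n");   /* value ends at end of line */

    if (vlen >= outsz)                    /* need room for the NUL as well */
        return -2;
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return 0;
}

/* Builds a constructed over-long rc line and returns the parser's verdict. */
int demo_overlong_rejected(void)
{
    char line[2048], cmd[CMD_MAX];
    memcpy(line, "COMMAND=", 8);
    memset(line + 8, 'A', sizeof line - 9);
    line[sizeof line - 1] = '\0';
    return parse_command_line(line, cmd, sizeof cmd);
}

int main(void)
{
    char cmd[CMD_MAX];
    int rc = parse_command_line("COMMAND=man -l\n", cmd, sizeof cmd);
    printf("short: rc=%d value='%s'\n", rc, cmd);
    printf("long:  rc=%d\n", demo_overlong_rejected());
    return 0;
}
```

The same length-before-copy check applies to the wizard title and preferences fields the report lists, since each is user-controlled text copied into fixed storage.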
--- Begin Message ---
Source: gmanedit
Source-Version: 0.4.1-1.1
We believe that the bug you reported is fixed in the latest version of
gmanedit, which is due to be installed in the Debian FTP archive:
gmanedit_0.4.1-1.1.diff.gz
to pool/main/g/gmanedit/gmanedit_0.4.1-1.1.diff.gz
gmanedit_0.4.1-1.1.dsc
to pool/main/g/gmanedit/gmanedit_0.4.1-1.1.dsc
gmanedit_0.4.1-1.1_amd64.deb
to pool/main/g/gmanedit/gmanedit_0.4.1-1.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated gmanedit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 11 Sep 2008 13:05:52 +0200
Source: gmanedit
Binary: gmanedit
Architecture: source amd64
Version: 0.4.1-1.1
Distribution: unstable
Urgency: high
Maintainer: Joop Stakenborg <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
gmanedit - GTK+ man pages editor
Closes: 497835
Changes:
gmanedit (0.4.1-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix heap-based buffer overflow on converting a manpage
from the currently used locale to utf8 and various other
not security relevant buffer overflows
(CVE-2008-3971; Closes: #497835).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjI/gAACgkQHYflSXNkfP+tgACfT4ErEBiOe6ktL52UMFF98SUQ
/moAnje59DmBwvnrfjga06LpMXOqtbYj
=XhDX
-----END PGP SIGNATURE-----
--- End Message ---