Bug#513109: marked as done (gnome-inm-forecast: crash parsing network data)

Debian Bug Tracking System Wed, 04 Feb 2009 11:59:47 -0800

Your message dated Wed, 04 Feb 2009 19:47:03 +0000
with message-id <e1lunib-0007as...@ries.debian.org>
and subject line Bug#513109: fixed in gnome-inm-forecast 0.6.1-1.1
has caused the Debian Bug report #513109,
regarding gnome-inm-forecast: crash parsing network data
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
513109: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513109
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: gnome-inm-forecast
Version: 0.6.1-1
Severity: grave
Tags: patch

This bug is grave since it is a buffer overflow that could be used to
gain access to the machine.

The patch is attached and it is already applied to gnome-inm-forecast svn:
http://kutxa.homeunix.org/svn/gnome-inm-forecast/trunk/

#0  0x00007f6a99164ec1 in memcpy () from /lib/libc.so.6
No symbol table info available.
#1  0x0000000000406541 in parse_temperatures_data (applet_data=0x1beb740, 
    buf=0x1df61e9 "Cota nieve prov.(m)</th><td colspan=\"2\" 
class=\"borde_rb\">400&nbsp;</td><td colspan=\"2\" 
class=\"borde_rb\">700&nbsp;</td><td colspan=\"2\" 
class=\"borde_rb\">&nbsp;</td><td class=\"borde_rb\">&nbsp;</td><td cl"..., 
type=3) at main.c:612
        temp_buf = 0x1de8c60 "Cota nieve prov.(m)</th><td colspan=\"2\" 
class=\"borde_rb\">400&nbsp;</td><td colspan=\"2\" 
class=\"borde_rb\">700&nbsp;</td><td colspan=\"2\" 
class=\"borde_rb\">&nbsp;</td><td class=\"borde_rb\">&nbsp;</td><td cl"...
        tokens = (char **) 0x1dfdb00
        tk_snow = (char **) 0x0
        yy = 19
        idx = 10
#2  0x0000000000407d80 in check_inm_url_close (handle=0x1, result=GNOME_VFS_OK, 
callback_data=0x1beb740) at main.c:953
        x = 0
        applet_data = (AppletData *) 0x1beb740
#3  0x00007f6a9ac37885 in ?? () from /usr/lib/libgnomevfs-2.so.0
No symbol table info available.
#4  0x00007f6a9bf6778b in g_main_context_dispatch () from 
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#5  0x00007f6a9bf6af5d in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#6  0x00007f6a9bf6b48d in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#7  0x00007f6a99f1f336 in bonobo_main () from /usr/lib/libbonobo-2.so.0
No symbol table info available.
#8  0x00007f6a99f1d801 in bonobo_generic_factory_main_timeout () from 
/usr/lib/libbonobo-2.so.0
No symbol table info available.
#9  0x00007f6a9b7b0624 in panel_applet_factory_main_closure () from 
/usr/lib/libpanel-applet-2.so.0
No symbol table info available.
#10 0x0000000000409f34 in main (argc=2, argv=0x7fffa60475b8) at main.c:1705
        program = (GnomeProgram *) 0x1b77850
        retval = 0

--- gnome-inm-forecast-old/src/main.c
+++ gnome-inm-forecast/src/main.c
@@ -599,7 +589,7 @@
                                if (strncmp(tokens[yy], "td ", 3) == 0) 
continue;
                                if (strncmp(tokens[yy], "nbsp", 4) == 0) 
continue;
                                //printf ("SNOW[%d]: %s - len: %d - idx: %d\n", 
yy,(tokens[yy]) ? tokens[yy] : NULL, strlen(tokens[yy]), idx);
-                               if (tokens[yy] && idx <= 10){
+                               if (tokens[yy] && idx < 10){
                                        if (strlen(tokens[yy]) == 0){
                                                if (idx == 0){
                                                        strcpy 
(applet_data->day_info[0].cota_nieve, "");

--- End Message ---

--- Begin Message ---

Source: gnome-inm-forecast
Source-Version: 0.6.1-1.1

We believe that the bug you reported is fixed in the latest version of
gnome-inm-forecast, which is due to be installed in the Debian FTP archive:

gnome-inm-forecast_0.6.1-1.1.diff.gz
  to pool/main/g/gnome-inm-forecast/gnome-inm-forecast_0.6.1-1.1.diff.gz
gnome-inm-forecast_0.6.1-1.1.dsc
  to pool/main/g/gnome-inm-forecast/gnome-inm-forecast_0.6.1-1.1.dsc
gnome-inm-forecast_0.6.1-1.1_i386.deb
  to pool/main/g/gnome-inm-forecast/gnome-inm-forecast_0.6.1-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 513...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Spreen <netzw...@debian.org> (supplier of updated gnome-inm-forecast 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 04 Feb 2009 10:47:37 -0800
Source: gnome-inm-forecast
Binary: gnome-inm-forecast
Architecture: source i386
Version: 0.6.1-1.1
Distribution: unstable
Urgency: high
Maintainer: David Spreen <netzw...@debian.org>
Changed-By: David Spreen <netzw...@debian.org>
Description: 
 gnome-inm-forecast - the Spanish weather forecast applet for the GNOME panel
Closes: 513109
Changes: 
 gnome-inm-forecast (0.6.1-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * src/main.c: Fixed buffer overflow. Thanks to Eduardo Pérez
     Ureta <edp...@gmail.com> for providing the patch.
     (Closes: #513109).
Checksums-Sha1: 
 421a7de60b5a34fd41380ce787340121a70b1b95 1213 gnome-inm-forecast_0.6.1-1.1.dsc
 357b83a8ab8bb7917ad4d9502aae6cc0d28a5fc4 2770 
gnome-inm-forecast_0.6.1-1.1.diff.gz
 719c29357e7b12ab7f1a3a3cccb334de0ef8c3f8 182374 
gnome-inm-forecast_0.6.1-1.1_i386.deb
Checksums-Sha256: 
 484eba5aea5f856d34fb73731d728fd4edb270f3f56be012850fc5fe17a13e89 1213 
gnome-inm-forecast_0.6.1-1.1.dsc
 8257a5fef62496b6c1a70e6849a2d22b7f544969fe710a467dab84d978d37707 2770 
gnome-inm-forecast_0.6.1-1.1.diff.gz
 3f00748272efb3c918c49e84e0123a8ac96f8e07bc400695d10faad7642a2af6 182374 
gnome-inm-forecast_0.6.1-1.1_i386.deb
Files: 
 9b53a1414d903d3a188ae365f6451e3e 1213 gnome optional 
gnome-inm-forecast_0.6.1-1.1.dsc
 d46559c43564171a52b107f3b7a69829 2770 gnome optional 
gnome-inm-forecast_0.6.1-1.1.diff.gz
 14f6d13d6181c87dea3b11f152b65359 182374 gnome optional 
gnome-inm-forecast_0.6.1-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmJ6d4ACgkQdhEvvPyx3SPWpwCgu4VpC1h4/+xqhOY1ciKC4dor
qBwAn3WIpo5vCwpev9h3dkNU07h9or+s
=mKY2
-----END PGP SIGNATURE-----

--- End Message ---

Bug#513109: marked as done (gnome-inm-forecast: crash parsing network data)

Reply via email to