Your message dated Tue, 10 Feb 2009 21:17:05 +0000
with message-id <e1lwzyb-0000nk...@ries.debian.org>
and subject line Bug#514406: fixed in xautolock 1:2.1-7.1
has caused the Debian Bug report #514406,
regarding xautolock: Uses freed memory for starting the locker
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
514406: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514406
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xautolock
Version: 1:2.1-7
Severity: grave
Justification: user security hole
Tags: security
xautolock uses an already freed memory address for starting the locker.
valgrind says:

==6017== Syscall param execve(argv[i]) points to unaddressable byte(s)
==6017==    at 0x55E43A7: execve (in /lib/libc-2.7.so)
==6017==    by 0x55E479A: execl (in /lib/libc-2.7.so)
==6017==    by 0x404026: (within /usr/bin/xautolock)
==6017==    by 0x40427B: (within /usr/bin/xautolock)
==6017==    by 0x55641A5: (below main) (in /lib/libc-2.7.so)
==6017==  Address 0x62ddcf0 is 16 bytes inside a block of size 65 free'd
==6017==    at 0x4C2130F: free (vg_replace_malloc.c:323)
==6017==    by 0x52852AA: (within /usr/lib/libX11.so.6.2.0)
==6017==    by 0x5285314: (within /usr/lib/libX11.so.6.2.0)
==6017==    by 0x52853B2: XrmDestroyDatabase (in /usr/lib/libX11.so.6.2.0)
==6017==    by 0x40334C: (within /usr/bin/xautolock)
==6017==    by 0x4040DE: (within /usr/bin/xautolock)
==6017==    by 0x55641A5: (below main) (in /lib/libc-2.7.so)

I noticed this because whenever I let xautolock start from my .xsessionrc it
would fail to start my screen locker. Instead of this:

  swarp 840 525 ; xset dpms force off ; slock

it started something like this, according to strace (the corruption didn't
always look the same):

  swarp 840 525 ; xset dpms force off ; slo\377\377\300

Because xset turned off the screen, I didn't notice that slock wasn't started
and thus my screen wasn't locked, which is why I think this is a security issue.
Feel free to correct me. ;)

Greetings
Uli Schlachter
-- System Information:
Debian Release: 5.0
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.27.7wlan.2.0 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages xautolock depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxss1 1:1.1.3-1 X11 Screen Saver extension library
Versions of packages xautolock recommends:
pn xlockmore | xtrlock | xscreen <none> (no description available)
xautolock suggests no packages.
-- no debconf information
--
"Do you know that books smell like nutmeg or some spice from a foreign land?"
-- Faber in Fahrenheit 451
--- End Message ---
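
The valgrind trace in the report above shows a string that was freed by XrmDestroyDatabase and later passed to execl. The following is an added example, not xautolock's code and not the Debian patch: it models that ownership bug with a stand-in database (the db_* helpers, copy_str and both locker_* functions are hypothetical names) and shows one way to avoid it, by copying the value before the database is destroyed.

```c
/* Added example: stand-in database; db_* helpers are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct db { char *locker; };                 /* database owns this string */

static char *copy_str(const char *s) {       /* portable strdup */
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

static struct db *db_open(const char *value) {
    struct db *d = malloc(sizeof *d);
    if (d && !(d->locker = copy_str(value))) { free(d); d = NULL; }
    return d;
}

/* Lookup returns a pointer INTO the database, not a copy. */
static const char *db_get(const struct db *d) { return d->locker; }

/* Plays the role of XrmDestroyDatabase: frees every owned string. */
static void db_destroy(struct db *d) { free(d->locker); free(d); }

#ifdef SHOW_BUG
/* Buggy pattern, compiled out by default: the pointer dangles once the
 * database is gone, so a later exec would read freed memory. */
const char *locker_borrowed(struct db *d) {
    const char *cmd = db_get(d);
    db_destroy(d);
    return cmd;
}
#endif

/* Hardened pattern: take a private copy before the owner is destroyed.
 * The caller owns the result and must free it. Returns NULL on failure. */
char *locker_copied(const char *value) {
    struct db *d = db_open(value);
    if (!d) return NULL;
    char *cmd = copy_str(db_get(d));
    db_destroy(d);
    return cmd;
}

int main(void) {
    char *cmd = locker_copied("swarp 840 525 ; xset dpms force off ; slock");
    if (!cmd) return 1;
    printf("command after teardown: %s\n", cmd);
    free(cmd);
    return 0;
}
```
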
--- Begin Message ---
Source: xautolock
Source-Version: 1:2.1-7.1
We believe that the bug you reported is fixed in the latest version of
xautolock, which is due to be installed in the Debian FTP archive:
xautolock_2.1-7.1.diff.gz
to pool/main/x/xautolock/xautolock_2.1-7.1.diff.gz
xautolock_2.1-7.1.dsc
to pool/main/x/xautolock/xautolock_2.1-7.1.dsc
xautolock_2.1-7.1_amd64.deb
to pool/main/x/xautolock/xautolock_2.1-7.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 514...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Fourmond <fourm...@debian.org> (supplier of updated xautolock package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 10 Feb 2009 21:49:25 +0100
Source: xautolock
Binary: xautolock
Architecture: source amd64
Version: 1:2.1-7.1
Distribution: unstable
Urgency: high
Maintainer: Roland Stigge <sti...@antcom.de>
Changed-By: Vincent Fourmond <fourm...@debian.org>
Description:
xautolock - Program launcher for idle X sessions
Closes: 514406
Changes:
xautolock (1:2.1-7.1) unstable; urgency=high
.
* Non-maintainer upload.
* 10-fix-memory-corruption to fix a memory corruption problem leading to
a user security problem (closes: 514406). Thanks to
Uli <tobespam...@web.de> for spotting the problem and providing the fix.
* Urgency high since it is a user security hole that really should make
it into lenny.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmR7MYACgkQx/UhwSKygspeAwCgsWdJ9i8L0w2HwZKzuvHL9pQZ
KX4An0SFy2ghJui3nDxMRCTY5JlDwzRt
=airw
-----END PGP SIGNATURE-----
--- End Message ---