Your message dated Wed, 02 Jan 2013 15:32:51 +0000 with message-id <e1tqqjh-0001mh...@franck.debian.org> and subject line Bug#695467: fixed in horgand 1.14-5 has caused the Debian Bug report #695467, regarding Horgand too short buffer to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 695467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695467 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: horgand Version: 1.14-4 This started as Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/horgand/+bug/891939 There's a strcpy of an 11 char string (+nil) into a 10 char fixed array; that on Ubuntu's Fortify build causes it to seg at startup. I've got a fix below for it; that I think is safe (it certainly gets past the seg), but for me I'm hitting problems with it not being able to open the (hard coded) alsa device. There are further places in the code that aggregate this length onto other strings into other fixed sized buffers that look safe; but given the number of fixed length buffers I wouldn't be surprised if there are further issues. Description: Buffer was too short for chord name Author: d...@treblig.org Bug: https://bugs.launchpad.net/ubuntu/+source/horgand/+bug/891939 Index: horgand-1.14/src/Holrgan.h =================================================================== --- horgand-1.14.orig/src/Holrgan.h 2007-10-18 03:06:11.000000000 +0100 +++ horgand-1.14/src/Holrgan.h 2012-12-08 16:18:12.218160670 +0000 @@ -398,7 +398,7 @@ struct Ch4 { - char Nom[10]; + char Nom[12]; int type; int fund; int dist1; -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ gro.gilbert @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/
--- End Message ---
--- Begin Message ---Source: horgand Source-Version: 1.14-5 We believe that the bug you reported is fixed in the latest version of horgand, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 695...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alessio Treglia <ales...@debian.org> (supplier of updated horgand package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 02 Jan 2013 14:06:58 +0000 Source: horgand Binary: horgand horgand-data Architecture: source amd64 all Version: 1.14-5 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> Changed-By: Alessio Treglia <ales...@debian.org> Description: horgand - JACK capable organ softsynth horgand-data - JACK capable organ softsynth (data files) Closes: 695467 Changes: horgand (1.14-5) unstable; urgency=medium . * Prevent SIGSEGV by fixing a buffer overflow, it was tryng to strcpy() of an 11 char string (+ '\0') into a 10 char fixed array. (Closes: #695467) (LP: #891939) Checksums-Sha1: 669ada7c45b9c1174b91972560738ef5ecf9a8cc 2176 horgand_1.14-5.dsc 128f72147326dabb93c807c626a3479ae1cf3aac 4530 horgand_1.14-5.debian.tar.gz 8bfd6c108bfcce6f83e1238560d6a0930e03784a 106522 horgand_1.14-5_amd64.deb 85d575e1304cbf861518892df82db50407d8b0d9 2321296 horgand-data_1.14-5_all.deb Checksums-Sha256: 14bebeb90910c16621a49668bfa7cf195327e37b65fcb8b5b4d2005b75d072c9 2176 horgand_1.14-5.dsc 03a5cff732ac04362f85edf4a6b6d6e6b73d1671ad9f0765dd77345b307f4062 4530 horgand_1.14-5.debian.tar.gz 9139558d152b11b3ac27ae22a74622f6671bf158fcc618f628b6db2ee0a57e8b 106522 horgand_1.14-5_amd64.deb a9868ca3b96c780188839d4f680f9a6d8c2d37460a05cebcdf77b66629ff59a1 2321296 horgand-data_1.14-5_all.deb Files: 340e05eb8b7d61ba479c91eb53f12b15 2176 sound optional horgand_1.14-5.dsc 6e7794cb6ce41b85f97a65ec72f4e7ba 4530 sound optional horgand_1.14-5.debian.tar.gz c463ae1abd9c855b1f308a8328969930 106522 sound optional horgand_1.14-5_amd64.deb 908ac89ee626482d15d0ed607b52a63b 2321296 sound optional horgand-data_1.14-5_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJQ5E6rAAoJEOikiuUxHXZaAW4P/R+gkabdA36Hydt2YF+AGWks Qz77k/9Hk1uYeKLEWp8VMktvwyPY48jzOrpfHEcai/ftwiXZH4QxsXmO+jNJKp5M ZkD23ZSVL4EAwQ1jVs457MCg0zgf15NgChwI2A0DinzQA9TKIwq8gPNosZIosKGg NO4ssh1fU2b0weS0wB63DsLAo3XNJUUWnPMlF8t2iG4+dzDyK+e+21v1Yya9/JgV m0YxTnSNN6CQJhgKx8utKCICx1Wbl+Yyr88nVai01hS7If8cqnWFBOndKfRs+Vi2 TWMLDQrpy+80flR9i9X5Vs7dUOPoa6UOw9aL0o+/lJeTF+miAh+z6LSFn8iFh/+O AMvt08UP2EsyIyv/EF/t8K22dpUcJZxSE0GRbpmK0b/KpQXz9VwxFY1w/VZVhUAs xjKqq7QOufRrm8LvBmPMb7vlAmZ1OeX1aGoKY8cq6f8U1id5+nSdFVr8g8SAJuU9 Y9wJSNaUyiOOJo5hpANAwS9/qLxAgoG8XC5w8l/zqapG+cfQAU+85mW2heDXw2sb FgzqPsqoZWEE5fLWBAniQ5rFN0cF7H9ggBKLCAhw5uGuQABB+FauLzNnAoK/TndZ kMVFeGbneKXw8SSPWU7dlZuI1fxa9P8vuVPg40rmf2bMp+PXxLuhLFTsq3WGJIrZ +NPgHoWE9LfGe6DHQ2LB =eyIg -----END PGP SIGNATURE-----
--- End Message ---
