Your message dated Tue, 02 Sep 2014 22:49:26 +0000
with message-id <e1xowtc-0003zl...@franck.debian.org>
and subject line Bug#750974: fixed in nautic 1.5-1.1
has caused the Debian Bug report #750974,
regarding nautic: Buffer overrun
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
750974: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nautic
Version: 1.5-1
Severity: serious
Tags: patch
Justification: buffer overrun in package without hardening flags enabled
The writes past the end of the buffer are of fixed data (the code
which writes to moon_alt calculates a table of values with a formula)
so this seems unlikely to have security implications, but it's quite
likely to result in a crash.
A patch to fix this is attached (this seems to just be a typo in the
declared size of the moon_alt array).
Cheers,
Olly
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages nautic depends on:
ii libc6 2.18-7
ii libgcc1 1:4.9.0-5
ii libstdc++6 4.9.0-5
ii libwxbase2.8-0 2.8.12.1+dfsg2-1
ii libwxgtk2.8-0 2.8.12.1+dfsg2-1
nautic recommends no packages.
nautic suggests no packages.
-- no debconf information
Description: Fix buffer overrrun
The loops which access moon_alt assume it has 514 elements, not 504.
Author: Olly Betts <o...@survex.com>
Last-Update: 2014-06-09
--- nautic-1.5.orig/src/h_correction.cpp
+++ nautic-1.5/src/h_correction.cpp
@@ -79,7 +79,7 @@ static double mean_alt[]= {
9,14,19,24,29,34,39,44,49,54,59,64,69,74,79,84,89,
};
-static double moon_alt[504];
+static double moon_alt[514];
static double moon_refrac[] = { 0.0, 0.0,
66.9, 67.2, 67.4, 67.6, 67.8, 68.0, 68.2, 68.4, 68.6, 68.7, 68.9, 69.0,
--- End Message ---
--- Begin Message ---
Source: nautic
Source-Version: 1.5-1.1
We believe that the bug you reported is fixed in the latest version of
nautic, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 750...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Olly Betts <o...@survex.com> (supplier of updated nautic package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 02 Sep 2014 13:11:15 +0000
Source: nautic
Binary: nautic
Architecture: source
Version: 1.5-1.1
Distribution: unstable
Urgency: medium
Maintainer: Enas Giovanni <gio.e...@alice.it>
Changed-By: Olly Betts <o...@survex.com>
Description:
nautic - computation of observer position in astro-navigation
Closes: 662221 713547 750972 750974
Changes:
nautic (1.5-1.1) unstable; urgency=medium
.
* Non-maintainer upload with maintainer's consent.
.
[ Hideki Yamane ]
* debian/rules
- Just use dh-autoreconf to fix FTBFS (Closes: #662221, #713547)
* debian/control
- add "Build-Depends: dh-autoreconf"
.
[ Olly Betts ]
* Update to use wxWidgets 3.0 (Closes: #750972):
- New patch: wx3.0-compat.patch
* Fix a buffer overrun (Closes: #750974):
- New patch: fix-buffer-overrun.patch
* Update to use dh compat level 9 to enable hardening flags.
* "Standards-Version: 3.9.5" - only change is to drop obsolete
"DM-Upload-Allowed: yes".
* Fix typo in long description.
* Fix typo in "About" dialog spotted by lintian (new patch typos.patch).
* Override lintian errors about symlinks pointing outside the source
tree - dh_autoreconf replaces these with files.
Checksums-Sha1:
c530a957017ce203b21048000670e9c17250f4e4 1728 nautic_1.5-1.1.dsc
e1afeff05f2b6127412aa9b2e4d2f2e769f735ec 5724 nautic_1.5-1.1.debian.tar.xz
Checksums-Sha256:
9fe304e4b0fc3c020cc002cc2e9ff421517624b4f2aa77202bce62ef02d34d27 1728
nautic_1.5-1.1.dsc
f245df76e1b5df7398f0a308b873e17d3855582484c7965fdb0e1d05839d2b47 5724
nautic_1.5-1.1.debian.tar.xz
Files:
8345e5e1753fbf81731bc139f25e3c80 1728 science optional nautic_1.5-1.1.dsc
17cdedf20c6b985e82f0be5f3ea50a33 5724 science optional
nautic_1.5-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUBkXvAAoJEBgUewc7rSsH59oQAIoH9vLIZ+P2gG+1a3RVp73+
QlPLLxR4lb2Not+YFoOzspQJSo5BIAzhAIX9iDSZeOAySsn3BpVOgZB7Y2fcAyOc
pk5kQWXUob035fTSkQXz91BRw1j1LyCrKj8SXgw4tYIB9kD6TPpt4exyOO0MHwxs
LUpQ5mr8w0XgwLE+vf+FraZinF8JPj2DT9hq4CY/Qdk1JgEd3fvJ7Fr/4/5sh0V2
xWSJPWm94sxxFYFcefb7s4enCiGwLbOIv8tkPpM+naNgoYV4nEfOeZi1juJ2zBgp
SzSkhz6GchuXMKSJpog7koi1t/xrJ1DErnFQmBbf+VmcNtUogGwl9bzhSx70cUl9
dpdIiqbJFTNS9g3x7r6iRx0AA/qlMkPHSgUL8hUjnnLkFnA18m98BM/wP1G3fCc4
hCjmQu2PbMymuSrydag6qoKF28XSbSz4UBqjAgWUQB+olj7plvhYAunvve76V52b
v7yhadf2+ZKliBNNHXK3RMkFfPQTIUr+xUbEyYLFw2arOB0O16R/GjBmHIu/k2+r
ikcV0GwoKKemqtF/4QMMWACpemIyYU4WAnWrfkNqJHUneTd995uixM1TgN1Vm4gj
U8y5Tc7yYnk9/precvq+eDhLppB2scGoOPO+jH87WzCCI0fT5yG0UrXvix6xIcNL
rrpfU6Cdb7nwGuGd50O4
=aoRY
-----END PGP SIGNATURE-----
--- End Message ---
