Your message dated Wed, 24 Dec 2014 21:52:05 +0000
with message-id <e1y3tqf-0004jj...@franck.debian.org>
and subject line Bug#773818: fixed in lpe 1.2.7-2
has caused the Debian Bug report #773818,
regarding Crashes on start
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
773818: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lpe
Version: 1.2.7-1
Severity: grave

There is an off-by-1 buffer overflow in my buffer overflow fix. While
scanning for plugins, the length of available basename is stored that
includes \0, and then in another loop it is tested against
strlen(basename) that clearly does not include trailing \0.

Workaround is to either remove all the plugins, or change the order in
which they are returned by the file system (kind of tricky!), or apply
the patch,

diff -u lpe-1.2.7/src/buffer.c lpe-1.2.7/src/buffer.c
--- lpe-1.2.7/src/buffer.c      2014-06-23 22:53:33.582593198 -0500
+++ lpe-1.2.7/src/buffer.c      2014-12-23 09:08:54.888625050 -0600
@@ -158,8 +158,8 @@
                int (*accept) (buffer *);
 
                 if (strlen(ent->d_name) > basename_len) {
-                    basename_len = strlen(ent->d_name) + 1;
-                    name = realloc(name, (basename-name) + basename_len);
+                    basename_len = strlen(ent->d_name);
+                    name = realloc(name, (basename-name) + basename_len + 1);
                     basename = name + basename_off;
                 }
                strcpy (basename, ent->d_name);
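Review bot: the realloc() result on the added line `name = realloc(name, (basename-name) + basename_len + 1);` is assigned straight back to name with no NULL check, so an allocation failure loses the old buffer and the following `basename = name + basename_off` and strcpy() then work from a null pointer; assign to a temporary and bail out on NULL instead. The size expression uses (basename-name) while the next line uses basename_off for what appears to be the same offset, so using basename_off in both places would be clearer. Since the fix depends on basename_len now excluding the trailing \0 (matching the `strlen(ent->d_name) > basename_len` test), a one-line comment saying so would keep the comparison and the allocation in step.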


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lpe depends on:
ii  libc6        2.19-13
ii  libncurses5  5.9+20140913-1
ii  libslang2    2.3.0-2
ii  libtinfo5    5.9+20140913-1

lpe recommends no packages.

lpe suggests no packages.

-- no debconf information

--- End Message ---
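The bookkeeping error described in the report above, modelled as an added example (not code from lpe or from the reporter). It tracks only the stored length and the allocated size, so the overflow is detected arithmetically rather than triggered; the plugin file names are constructed, and starting with no basename area allocated is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns the index of the first name whose strcpy() would write past the
 * allocated basename area, or -1 if every name fits. Nothing is copied:
 * only the length bookkeeping from the patched loop is simulated. */
static int first_overflow(const char *const *names, size_t n, int store_nul)
{
    size_t basename_len = 0;  /* value compared against strlen() */
    size_t capacity = 0;      /* bytes allocated for the basename area (assumed 0 at start) */

    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(names[i]);
        if (len > basename_len) {
            if (store_nul) {          /* 1.2.7-1: stored length includes the \0 */
                basename_len = len + 1;
                capacity = basename_len;
            } else {                  /* 1.2.7-2: \0 is added only when allocating */
                basename_len = len;
                capacity = basename_len + 1;
            }
        }
        if (len + 1 > capacity)       /* strcpy() writes len bytes plus the \0 */
            return (int)i;
    }
    return -1;
}

/* Constructed directory orders (hypothetical plugin file names). */
static const char *const short_first[] = { "c.so", "sh.so" };
static const char *const long_first[]  = { "sh.so", "c.so" };

int main(void)
{
    printf("1.2.7-1, short name first: %d\n", first_overflow(short_first, 2, 1));
    printf("1.2.7-1, long name first:  %d\n", first_overflow(long_first, 2, 1));
    printf("1.2.7-2, short name first: %d\n", first_overflow(short_first, 2, 0));
    printf("1.2.7-2, long name first:  %d\n", first_overflow(long_first, 2, 0));
    return 0;
}
```

The old logic overflows only when a later name is exactly one byte longer than the longest name seen so far, which is why the report says the crash depends on the order the file system returns the plugins.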
--- Begin Message ---
Source: lpe
Source-Version: 1.2.7-2

We believe that the bug you reported is fixed in the latest version of
lpe, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Majer <ad...@zombino.com> (supplier of updated lpe package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Dec 2014 09:09:19 -0600
Source: lpe
Binary: lpe
Architecture: source
Version: 1.2.7-2
Distribution: unstable
Urgency: medium
Maintainer: Adam Majer <ad...@zombino.com>
Changed-By: Adam Majer <ad...@zombino.com>
Description:
 lpe        - Lightweight Programmer's Editor
Closes: 773818
Changes:
 lpe (1.2.7-2) unstable; urgency=medium
 .
   * Fix an off-by-1 buffer overflow. (closes: #773818)
Checksums-Sha1:
 5e8bf821118798623fee7b003257b5e9a725d231 1640 lpe_1.2.7-2.dsc
 0ea2316cf8630e1dd2c03c8055ed243d8f8e6c78 6524 lpe_1.2.7-2.debian.tar.xz
Checksums-Sha256:
 68284fbb82bb5ea2675dd6e7fe9a87d45e711ed8c4c776375200896f84a28f2c 1640 lpe_1.2.7-2.dsc
 b9a23988009e6243ce7c3fc2552f4244850472373490d74382401fc81a0ffcfe 6524 lpe_1.2.7-2.debian.tar.xz
Files:
 feeba32e214e84af8f2260bcdc436143 1640 editors optional lpe_1.2.7-2.dsc
 d71942a481b18063e1722fee6bff3052 6524 editors optional lpe_1.2.7-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
