Your message dated Thu, 08 Mar 2007 06:47:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#413629: fixed in git-core 1:1.4.4.4-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: git-core
Version: 1.5.0.2-1
Severity: grave
Tags: security

The relevant commits are, as far as I know:

commit eecc8367f4eaafc8449fc08c4e33f3f8ac474469
Author: Eygene Ryabinkin <[EMAIL PROTECTED]>
Date:   Thu Mar 1 19:09:12 2007 +0300

    Another memory overrun in http-push.c

    Uses of strlcpy() are wrong, as the source buffer at these
    locations may not be NUL-terminated.

commit 2c46759db757eb742590e8547cb0c63e8bdb1da1
Author: Eygene Ryabinkin <[EMAIL PROTECTED]>
Date:   Wed Feb 28 12:12:02 2007 -0800

    http-push.c::lock_remote(): validate all remote refs.

    Starting from offset 11 might have been good back when it was
    only used for updating "refs/heads/*", but it is used to update
    "info/refs" and "refs/tags/*" as well.

    Signed-off-by: Junio C Hamano <[EMAIL PROTECTED]>



--- End Message ---
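
The point made in the commit message "Another memory overrun in http-push.c", as an added example (not code from git or from this report): strlcpy() returns strlen(src), so it scans the source until it finds a NUL no matter how small the destination size is. `model_strlcpy`, `copy_counted` and the sample buffer are constructed for illustration; the model stands in for the BSD function, which not every libc provides.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of BSD strlcpy(): copies at most dstsize-1 bytes, NUL-terminates,
 * and returns strlen(src). Computing that return value walks src until a
 * NUL byte, regardless of dstsize. */
size_t model_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);            /* unbounded read of the source */
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Bounded copy for a (pointer, length) source: reads exactly
 * min(srclen, dstsize-1) bytes and returns how many were copied. */
size_t copy_counted(char *dst, size_t dstsize, const char *src, size_t srclen)
{
    if (dstsize == 0)
        return 0;
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Constructed sample: a 16-byte token with unrelated bytes right behind it.
 * The array's own terminator is the only NUL, which keeps the demo defined;
 * a real non-terminated buffer has no such guarantee. */
static const char sample[] = "refs/heads/topicADJACENT-BYTES";
#define TOKEN_LEN 16

/* Source bytes the strlcpy model scanned while copying a 16-byte token. */
size_t scanned_by_strlcpy(void)
{
    char dst[TOKEN_LEN + 1];
    return model_strlcpy(dst, sample, sizeof dst);
}

int main(void)
{
    char dst[TOKEN_LEN + 1];
    printf("strlcpy model scanned %zu source bytes\n", scanned_by_strlcpy());
    printf("counted copy read %zu source bytes\n",
           copy_counted(dst, sizeof dst, sample, TOKEN_LEN));
    return 0;
}
```

The destination ends up correct in both cases; the difference is how far past the token the source is read.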
--- Begin Message ---
Source: git-core
Source-Version: 1:1.4.4.4-2

We believe that the bug you reported is fixed in the latest version of
git-core, which is due to be installed in the Debian FTP archive:

git-arch_1.4.4.4-2_all.deb
  to pool/main/g/git-core/git-arch_1.4.4.4-2_all.deb
git-core_1.4.4.4-2.diff.gz
  to pool/main/g/git-core/git-core_1.4.4.4-2.diff.gz
git-core_1.4.4.4-2.dsc
  to pool/main/g/git-core/git-core_1.4.4.4-2.dsc
git-core_1.4.4.4-2_powerpc.deb
  to pool/main/g/git-core/git-core_1.4.4.4-2_powerpc.deb
git-cvs_1.4.4.4-2_all.deb
  to pool/main/g/git-core/git-cvs_1.4.4.4-2_all.deb
git-daemon-run_1.4.4.4-2_all.deb
  to pool/main/g/git-core/git-daemon-run_1.4.4.4-2_all.deb
git-doc_1.4.4.4-2_all.deb
  to pool/main/g/git-core/git-doc_1.4.4.4-2_all.deb
git-email_1.4.4.4-2_all.deb
  to pool/main/g/git-core/git-email_1.4.4.4-2_all.deb
git-svn_1.4.4.4-2_all.deb
  to pool/main/g/git-core/git-svn_1.4.4.4-2_all.deb
gitk_1.4.4.4-2_all.deb
  to pool/main/g/git-core/gitk_1.4.4.4-2_all.deb
gitweb_1.4.4.4-2_all.deb
  to pool/main/g/git-core/gitweb_1.4.4.4-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gerrit Pape <[EMAIL PROTECTED]> (supplier of updated git-core package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  7 Mar 2007 17:14:04 +0000
Source: git-core
Binary: git-email git-core git-daemon-run git-doc git-cvs git-svn gitk gitweb git-arch
Architecture: source all powerpc
Version: 1:1.4.4.4-2
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Gerrit Pape <[EMAIL PROTECTED]>
Changed-By: Gerrit Pape <[EMAIL PROTECTED]>
Description: 
 git-arch   - content addressable filesystem (arch interoperability)
 git-core   - content addressable filesystem
 git-cvs    - content addressable filesystem (cvs interoperability)
 git-daemon-run - content addressable filesystem (git-daemon service)
 git-doc    - content addressable filesystem (documentation)
 git-email  - content addressable filesystem (email add-on)
 git-svn    - content addressable filesystem (svn interoperability)
 gitk       - content addressable filesystem (revision tree visualizer)
 gitweb     - content addressable filesystem (web interface)
Closes: 413629
Changes: 
 git-core (1:1.4.4.4-2) testing-proposed-updates; urgency=high
 .
   * debian/diff/0001-http-push.c-lock_remote-validate-all-remote-refs.diff,
     debian/diff/0002-Another-memory-overrun-in-http-push.c.diff: new,
     cherry-pick'ed from upstream maint branch: fix memory overruns in
     http-push.c (closes: #413629).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF76yyGJoyQbxwpv8RAuQKAJ9YiI22gimPb6Ur63m6fmgVX93qSQCeITc5
LQJkSuOERQ/Xr84JMvtTqJY=
=lMJI
-----END PGP SIGNATURE-----


--- End Message ---
