Hello Ben,
Thank you for uploading the fixed version. The following is mostly for
your information. (I.e. I do not expect you to do any additional
investigation. Neither am I going to spend more time on this.)
On 20 April 2014 22:34, Dmitry Semyonov wrote:
> On 20 April 2014 18:05, Ben Hutchi
> I've just committed your patch to echoping and it seems to work
I also confirm that the patch fixed the crashes for me.
I should note that the problem HTTPS server is rather unstable (15.25%
failed requests over 10 days). Most likely the crash never happens
with properly working servers.
--
.
> I wonder why it was reported as a security risk.
My concern is the third gnutls_record_recv() call. 'maxlen' argument
of TLS_readline() was passed to the call as is, and TLS_readline()
callers *always pass the full size* of TLS_buffer[] as 'maxlen', but
pointer passed to the gnutls_record_recv()
Well, crashed again at the same place, ("if (TLS_buffer[i] == '\n')"
line). So, better patch is attached.
--
...Bye..Dmitry.
--- echoping-6.0.2.orig/readline.c
+++ echoping-6.0.2/readline.c
@@ -139,7 +139,8 @@
if (ln) {
/* Empty buffer */
if (buf_end == 0)
Package: echoping
Version: 6.0.2-3
Severity: grave
Tags: security patch
Justification: user security hole
I use Smokeping to monitor a number of external hosts. echoping is
called by EchoPingHttps Smokeping probe, and it crashes several times a
week, resulting in syslog error like:
Dec 11 00:13:
Package: tinyproxy
Version: 1.8.1-3
Severity: grave
Tags: patch
Justification: renders package unusable
--- tinyproxy-1.8.1/src/log.c 2010-02-19 18:38:00.0 +0300
+++ log.c 2010-04-19 00:56:36.0 +0400
@@ -211,6 +211,9 @@ void send_stored_logs (void)
size_t i;
+
Package: jigzo
Version: 0.6.1-3.1
Severity: grave
Justification: renders package unusable
The Subject says it all.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores)
Loca
severity 420668 normal
stop
Looks like the problem was resolved recently. At least wine has just
been installed successfully.
On the other hand, I use a pretty minimal set of packages, so I can't be
100% sure. Therefore, I'm not closing the bug right now, but rather
demoting the severity. I'll clos
Package: mirrors
Severity: grave
Justification: renders package unusable
I contacted [EMAIL PROTECTED] about this issue, and received a reply
on Apr, 16 that the mirror script can't connect on the first try,
and then when it finally connects after some time the connection
becomes broken.
He was
On 1/16/07, Brice Goglin <[EMAIL PROTECTED]> wrote:
If it is confirmed that eciadsl does not work with 2.6.18 and there is
no easy way to make it work (does upstream have a patch?), I don't think
I will prepare a new NMU right now unless somebody wants me to do so.
It is confirmed, and upstrea
On 1/14/07, Brice Goglin <[EMAIL PROTECTED]> wrote:
Dmitry Semyonov wrote:
>> On 1/14/07, Brice Goglin <[EMAIL PROTECTED]> wrote:
>> > Brice Goglin wrote:
>> > >
>> > > Since you have the hardware to test, could add a printf where I set
&
eciadsl_0.11-3.1 is unusable on my PC, while eciadsl_0.11-3 works more
or less fine.
PPP connection can't be established for some reason in 0.11-3.1
version. It always times out.
Also note that 0.11-* version does not work with 2.6.18.* kernels.
Upstream developers are aware of the issue. So, I wo
There is no GT2 support in current (testing) libmikmod2-3.1.11-a-6
Debian package.
--
...Bye..Dmitry.
Package: xine-ui
Followup-For: Bug #390335
I installed Etch via netinst iso, and then added necessary
packages via aptitude. Never installed KDE. xine and oxine
start without problems. (I removed .xine aforehand. I don't
have .kde in my home dir.)
~$ xine
This is xine (X11 gui) - a free video pla
Package: ntpdate
Version: 1:4.2.0a+stable-2sarge1
Severity: critical
Justification: breaks unrelated software
ntpdate automatically and _unconditionally_ synchronizes time during the
installation of the package. This obviously might break some software
which hardly depends on timing.
In particul