Bug#663189: buffer overflow in python-pyfribidi

2012-03-21 Thread Jonathan Wiltshire
Dear maintainer, Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through point releases: squeeze (6.0.5) - use target

Bug#663189: buffer overflow in python-pyfribidi

2012-03-10 Thread Ralf Schmitt
أحمد المحمودي writes:
> Why do you include a convenience copy of fribidi source code in your pyfribidi distribution?

just so that I can tell people to "pip install pyfribidi" instead of telling them to install the fribidi headers first. This can easily be disabled by setting USE_SYSTEM_

Bug#663189: buffer overflow in python-pyfribidi

2012-03-10 Thread أحمد المحمودي
On Fri, Mar 09, 2012 at 12:49:16PM +0100, Jakub Wilk wrote:
> Right, 0.11 on pypi looks much saner than the current one. Thanks.
---end quoted text---

The package is ready at: http://mentors.debian.net/debian/pool/main/p/pyfribidi/pyfribidi_0.11.0-1.dsc

--
أحمد المحمودي (Ahmed El-Mahmoudy)

Bug#663189: buffer overflow in python-pyfribidi

2012-03-10 Thread أحمد المحمودي
On Fri, Mar 09, 2012 at 12:49:11PM +0100, Ralf Schmitt wrote:
> upstream is pretty much dead in this case. I've published our version on PyPI. However, I didn't ask or inform the original authors about that.
---end quoted text---

Why do you include a convenience copy of fribidi source code in

Bug#663189: buffer overflow in python-pyfribidi

2012-03-09 Thread Jakub Wilk
* Ralf Schmitt , 2012-03-09, 12:49: fribidi_utf8_to_unicode consumes at most 3 bytes for a single unicode character, i.e. it does not handle unicode character above 0x. Now I woke up I finally understand what you meant here. :) Sorry for the noise. here's the inner loop of "fribidi_utf8

Bug#663189: buffer overflow in python-pyfribidi

2012-03-09 Thread Jakub Wilk
* Ralf Schmitt, 2012-03-09, 10:11:
> It's fixed with https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a (or with pyfribidi 0.11 from pypi)

Right, 0.11 on pypi looks much saner than the current one. Thanks.

--
Jakub Wilk

Bug#663189: buffer overflow in python-pyfribidi

2012-03-09 Thread Ralf Schmitt
Jakub Wilk writes:
>> The reason is the following (see https://github.com/pediapress/pyfribidi/issues/2):
>>
>> fribidi_utf8_to_unicode consumes at most 3 bytes for a single unicode character, i.e. it does not handle unicode character above 0x.
>
> As far as I can see this is not true.

Processed: Bug#663189: buffer overflow in python-pyfribidi

2012-03-09 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 663189 grave
Bug #663189 [src:pyfribidi] buffer overflow in python-pyfribidi
Severity set to 'grave' from 'normal'
> tags 663189 + confirmed security
Bug #663189 [src:pyfribidi] buffer overflow in python-pyfribidi
Added tag(s) confirmed