Looks good to me, thanks for getting everything addressed.
** Changed in: openbabel (Ubuntu Intrepid)
Status: Incomplete => Fix Released
--
main inclusion review for openbabel
https://bugs.launchpad.net/bugs/236051
You received this bug notification because you are a member of Ubuntu
Bugs
Nuff blocking. Moved to main, set as beta milestone.
** Changed in: openbabel (Ubuntu Intrepid)
Target: None => ubuntu-8.10-beta
** Changed in: openbabel (Ubuntu)
Status: New => Incomplete
--
ubuntu-bugs mailing list
ubuntu-bugs@lis
back to Jamie, Kees for review.
** Changed in: openbabel (Ubuntu)
Assignee: Jonathan Riddell (jr) => Ubuntu Security Team (ubuntu-security)
2.2 synced, re-opening so this can be reconsidered.
** Changed in: openbabel (Ubuntu)
Status: Incomplete => New
Geoff, thanks for the follow-up! Seems that we should get 2.2.0-final
into Intrepid (we have beta5 at the moment). Jonathan, any chance you
could test the 2.2.0-1 from Debian experimental? If it works, we should
sync it over.
I do consider it security sensitive in a way that such file formats are
I'm one of the upstream maintainers. We just released 2.2.0-final, which
addresses all these and some other internally-discovered issues,
including some minor denial-of-service issues with malformed data. (For
example, the code could consume large amounts of memory.)
We do compile with -Wformat-se
I see a few cases of being able to run off the stack during sprintf.
I'd prefer all the sprintfs were checked and replaced with snprintf, but
it looks to be a large task:
$ grep -R sprintf . | wc -l
472
As long as this compiles without warnings from -Wformat-security and
compiles with the now
Package looks ok in general, but it is massively reading/parsing a lot
of different file formats. Jamie, Kees, can you please give this an
inspection for general code quality and common vulnerabilities? Thanks!
** Changed in: openbabel (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (