Launchpad has imported 9 comments from the remote bug at https://bugzilla.novell.com/show_bug.cgi?id=666839.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2011-01-25T08:19:50+00:00 Krahmer wrote:

Via oss-sec:

Date: Mon, 24 Jan 2011 13:57:11 -0800
From: Kees Cook
To: oss-security

Hello,

I'd like to get CVEs assigned for two issues in Gypsy[1]:

reads arbitrary files as root user on behalf of regular user
https://bugs.freedesktop.org/show_bug.cgi?id=33431

buffer overflow in nmea device input handling
https://bugs.freedesktop.org/show_bug.cgi?id=33431

Thanks,

-Kees

[1] http://gypsy.freedesktop.org/wiki/

Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/3

------------------------------------------------------------------------
On 2011-01-26T08:10:14+00:00 Krahmer wrote:

Via oss-sec:

I'm giving these 2011 IDs. None of the information was public in 2010.

----- Original Message -----
> Hello,
>
> I'd like to get CVEs assigned for two issues in Gypsy[1]:
>
> reads arbitrary files as root user on behalf of regular user
> https://bugs.freedesktop.org/show_bug.cgi?id=33431

Use CVE-2011-0523.

>
> buffer overflow in nmea device input handling
> https://bugs.freedesktop.org/show_bug.cgi?id=33431
>

Use CVE-2011-0524.

Thanks.

--
JB

Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/4

------------------------------------------------------------------------
On 2011-01-28T13:11:09+00:00 Ro-novell wrote:

has anyone seen patches floating around for these.
upstream does not look too alive and no-one else has touched the package yet

Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/5

------------------------------------------------------------------------
On 2011-01-28T13:28:58+00:00 Ro-novell wrote:

the whole program has code like this in countless places:

char nmeabuf[256];
nmea_foobar(foo, nmeabuf);

nmea_foobar(foo2* foo, char* bar) {
   char buf[256];
   sprintf(buf, ....);
   unsigned char cksum = nmea_cksum(buf);
   sprintf(bar, "$%s*%02X\r\n", buf, cksum);
}

so at least we'd have to make buf a few bytes smaller to have a chance,
but I guess that does not even completely fix one of the two issues

Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/6

------------------------------------------------------------------------
On 2011-01-28T13:36:46+00:00 Ro-novell wrote:

WOW: this is gross:
gypsy-client.c line 653:

        /* Open a connection to our device */
        /* we assume that a device path starting with slash is a tty device */
        if (priv->device_path[0] == '/') {

how do we continue here ?

Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/7

------------------------------------------------------------------------
On 2011-01-31T10:25:44+00:00 Krahmer wrote:

This doesn't look good and it seems there are more problems than
what has been reported. Is it an important package?

Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/8

------------------------------------------------------------------------
On 2011-01-31T11:44:06+00:00 Ro-novell wrote:

"gps multiplexing daemon" to let multiple clients access gps devices.
does not really sound too common. I did not even know I was assigned to this package, had never touched it before.

Vincent, you're the only one listed in the changelog of this package, can you comment on the importance of this package ?
Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/9

------------------------------------------------------------------------
On 2011-01-31T12:08:51+00:00 Vuntz-novell wrote:

It's not an essential package, but without it, only one app can access a gps device, which is an issue if many apps are doing geolocation -- it's starting to become common.

If we consider dropping the package, I guess some review to know what else is wrong would be nice, so that upstream can go ahead and fix things.

Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/10

------------------------------------------------------------------------
On 2011-01-31T13:01:37+00:00 Ro-novell wrote:

in https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323
the reporter says this was reported to upstream on December 14th but he never heard back (there have not been any code changes in this project since last June)

Reply at:
https://bugs.launchpad.net/gypsy/+bug/690323/comments/11


** Changed in: gypsy (Suse)
       Status: Unknown => Confirmed

** Changed in: gypsy (Suse)
   Importance: Unknown => Medium

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/690323

Title:
  gypsy opens arbitrary files, has unchecked buffer overflows

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
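
Added example, not part of the thread and not Gypsy's code: the framing pattern quoted in comment 6 above, written so the "$...*CK\r\n" wrapper cannot write past the destination buffer and an oversized payload is rejected instead of truncated. The names nmea_frame and nmea_max_payload are hypothetical, and nmea_cksum here is an assumed stand-in (XOR of the payload bytes, the way NMEA 0183 checksums are computed), not the project's function.

```c
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for the project's checksum: XOR of the payload bytes. */
static unsigned char nmea_cksum(const char *s)
{
    unsigned char c = 0;
    while (*s)
        c ^= (unsigned char)*s++;
    return c;
}

/* Bytes the frame adds around the payload: '$', '*', two hex digits, "\r\n". */
#define NMEA_FRAME_OVERHEAD 6

/* Largest payload that still fits, with its NUL, in an outsz-byte buffer. */
size_t nmea_max_payload(size_t outsz)
{
    return outsz > NMEA_FRAME_OVERHEAD + 1 ? outsz - NMEA_FRAME_OVERHEAD - 1 : 0;
}

/* Hypothetical bounded framing: writes "$<payload>*<CK>\r\n" into out.
 * Returns the sentence length, or -1 (out left empty) if it does not fit. */
int nmea_frame(char *out, size_t outsz, const char *payload)
{
    int n;

    if (out == NULL || outsz == 0 || payload == NULL)
        return -1;
    n = snprintf(out, outsz, "$%s*%02X\r\n", payload, nmea_cksum(payload));
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';              /* would have been truncated: discard */
        return -1;
    }
    return n;
}

int main(void)
{
    char out[256], big[300];

    memset(big, 'A', 250);          /* constructed oversized payload */
    big[250] = '\0';
    printf("max payload: %zu\n", nmea_max_payload(sizeof out));
    printf("short: %d\n", nmea_frame(out, sizeof out, "A"));
    printf("250 bytes: %d\n", nmea_frame(out, sizeof out, big));
    return 0;
}
```

The frame adds six bytes plus the terminating NUL, so a 256-byte destination holds at most a 249-byte payload.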