
Bug#309586: marked as done (konsole has unsafe and incorrect UTF-8 decoder)



Your message dated Tue, 27 Mar 2007 10:01:16 -0400
with message-id <9f694b820703270701k6a53353fya230afbce3780b9c@mail.gmail.com>
and subject line Very old bug, do you still have the problem ?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Subject: konsole has unsafe and incorrect UTF-8 decoder
Package: konsole
Version: 4:3.3.2-1
Severity: normal

Catting Markus Kuhn's UTF-8-test reveals a number of problems with konsole's UTF-8 decoder; it does not correctly handle malformed input. For example, it fails to reject "long forms" of ordinary ASCII characters, start bytes are always combined with following bytes even if the following bytes are not continuation bytes, and so on. Some of these are arguably security holes (similar to the IDN issues with Mozilla but permitting computers to be fooled as well as humans).

The file is at
http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
(and many other places on the Web).

Andrew


-- System Information:
Debian Release: 3.1
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10.20050514
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages konsole depends on:
ii  kdelibs4             4:3.3.2-5           KDE core libraries
ii  libart-2.0-2         2.3.17-1            Library of functions for 2D graphi
ii  libc6                2.3.2.ds1-21        GNU C Library: Shared libraries an
ii  libfam0c102          2.7.0-6             client library to control the FAM
ii  libgcc1              1:3.4.3-12          GCC support library
ii  libice6              4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii  libidn11             0.5.13-1.0          GNU libidn library, implementation
ii  libpng12-0           1.2.8rel-1          PNG library - runtime
ii  libqt3c102-mt        3:3.3.4-3           Qt GUI Library (Threaded runtime v
ii  libsm6               4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii  libstdc++5           1:3.3.5-12          The GNU Standard C++ Library v3
ii  libx11-6             4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii  libxext6             4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii  libxrender1          0.8.3-7             X Rendering Extension client libra
ii  libxtst6             4.3.0.dfsg.1-12.0.1 X Window System event recording an
ii  xlibs                4.3.0.dfsg.1-12     X Keyboard Extension (XKB) configu
ii  zlib1g               1:1.2.2-4           compression library - runtime

-- no debconf information



--- End Message ---
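
The checks the report above says are missing (rejecting "long forms" and not merging a start byte with a following non-continuation byte), shown as an added example; this is not part of the original report and is not konsole's or Qt's code. The function names, the sample bytes and the choice to replace each malformed sequence with one U+FFFD are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define UTF8_BAD 0xFFFDu /* U+FFFD REPLACEMENT CHARACTER */

/* Decode one code point from s[0..n); returns bytes consumed (>= 1 if n > 0).
 * Policy assumed here: each malformed sequence becomes a single U+FFFD. */
size_t utf8_decode_strict(const unsigned char *s, size_t n, uint32_t *cp)
{
    static const uint32_t min_cp[5] = {0, 0, 0x80, 0x800, 0x10000};
    size_t len, i;
    uint32_t c;
    *cp = UTF8_BAD;
    if (n == 0) return 0;
    c = s[0];
    if (c < 0x80) { *cp = c; return 1; }
    if ((c & 0xE0) == 0xC0) { len = 2; c &= 0x1F; }
    else if ((c & 0xF0) == 0xE0) { len = 3; c &= 0x0F; }
    else if ((c & 0xF8) == 0xF0) { len = 4; c &= 0x07; }
    else return 1; /* stray continuation byte, or 0xF8..0xFF */
    for (i = 1; i < len; i++) {
        /* Truncated or not a continuation: reject, leave s[i] for next call. */
        if (i >= n || (s[i] & 0xC0) != 0x80) return i;
        c = (c << 6) | (s[i] & 0x3F);
    }
    if (c >= min_cp[len] &&              /* not an overlong ("long") form */
        !(c >= 0xD800 && c <= 0xDFFF) && /* not a UTF-16 surrogate */
        c <= 0x10FFFF)                   /* within the Unicode range */
        *cp = c;
    return len;
}

/* Decode a whole buffer into out[]; returns the number of code points. */
size_t utf8_decode_all(const unsigned char *s, size_t n, uint32_t *out, size_t cap)
{
    size_t pos = 0, k = 0;
    while (pos < n && k < cap)
        pos += utf8_decode_strict(s + pos, n - pos, &out[k++]);
    return k;
}

int main(void)
{
    /* Constructed input: overlong '/', then a start byte followed by 'A'. */
    const unsigned char in[] = {0xC0, 0xAF, 0xC3, 0x41};
    uint32_t out[8];
    size_t i, k = utf8_decode_all(in, sizeof in, out, 8);
    for (i = 0; i < k; i++) printf("U+%04X\n", (unsigned)out[i]);
    return 0;
}
```
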
--- Begin Message ---
Submitter was asked to provide more information about this bug
( http://bugs.debian.org/309586 ) four weeks ago.

Since more info was not provided, we are closing the bug.
Feel free to reopen this bug if you are still experiencing this issue
and you have extra information on how to reproduce the issue.

Thanks,
Olivier

--- End Message ---
