
Bug#507108: marked as done (eflite: buffer overflow when handling environmental variables)



Your message dated Sun, 01 Aug 2010 20:50:05 +0000
with message-id <E1OffTx-0007tY-AO@franck.debian.org>
and subject line Bug#507108: fixed in eflite 0.4.1-4
has caused the Debian Bug report #507108,
regarding eflite: buffer overflow when handling environmental variables
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
507108: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507108
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: eflite
Version: 0.4.1-1
Severity: normal

Hi,

While scanning some packages I found the following piece of code which leads 
to a buffer overflow when an overly long HOME env var is used.

Affected code (es.c):
>   char buf[513];
>   char *p;
>
>   p = getenv("HOME");
>   sprintf(buf, "%s/.es.conf", p);

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net



--- End Message ---
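
A bounded way to build the same path, as an added example: it is not part of the original report and not the change uploaded in eflite 0.4.1-4, which this page does not show. It also handles an unset HOME, where getenv() returns NULL; the names build_conf_path, try_home_len and conf_path are hypothetical, and the over-long HOME values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CONF_SUFFIX "/.es.conf"

static char conf_path[513];     /* same size as the buffer in the report */

/* Build "<home>/.es.conf" in buf. Returns 0 on success, -1 if home is
 * NULL or empty, or if the full path does not fit in size bytes. */
int build_conf_path(char *buf, size_t size, const char *home)
{
    int n;

    if (buf == NULL || size == 0)
        return -1;
    buf[0] = '\0';
    if (home == NULL || home[0] == '\0')
        return -1;              /* getenv() returns NULL when HOME is unset */
    n = snprintf(buf, size, "%s%s", home, CONF_SUFFIX);
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0';          /* truncation is an error, not a shorter path */
        return -1;
    }
    return 0;
}

/* Constructed input: a HOME value of len 'A' bytes, to probe the boundary. */
int try_home_len(size_t len)
{
    char *home = malloc(len + 1);
    int rc;

    if (home == NULL)
        return -1;
    memset(home, 'A', len);
    home[len] = '\0';
    rc = build_conf_path(conf_path, sizeof conf_path, home);
    free(home);
    return rc;
}

int main(void)
{
    if (build_conf_path(conf_path, sizeof conf_path, getenv("HOME")) == 0)
        printf("config: %s\n", conf_path);
    else
        fprintf(stderr, "HOME unset or too long, no per-user config\n");
    printf("len 503 -> %d, len 504 -> %d\n", try_home_len(503), try_home_len(504));
    return 0;
}
```

With a 513-byte buffer and the 9-byte suffix, the longest HOME that fits is 503 bytes; anything longer is rejected instead of being written past the end of the buffer or silently truncated.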
--- Begin Message ---
Source: eflite
Source-Version: 0.4.1-4

We believe that the bug you reported is fixed in the latest version of
eflite, which is due to be installed in the Debian FTP archive:

eflite_0.4.1-4.diff.gz
  to main/e/eflite/eflite_0.4.1-4.diff.gz
eflite_0.4.1-4.dsc
  to main/e/eflite/eflite_0.4.1-4.dsc
eflite_0.4.1-4_amd64.deb
  to main/e/eflite/eflite_0.4.1-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 507108@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Thibault <sthibault@debian.org> (supplier of updated eflite package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 Jul 2010 01:48:07 +0200
Source: eflite
Binary: eflite
Architecture: source amd64
Version: 0.4.1-4
Distribution: unstable
Urgency: low
Maintainer: Debian Accessibility Team <debian-accessibility@lists.debian.org>
Changed-By: Samuel Thibault <sthibault@debian.org>
Description: 
 eflite     - Festival-Lite based emacspeak speech server
Closes: 507108 577864
Changes: 
 eflite (0.4.1-4) unstable; urgency=low
 .
   [ Mario Lang ]
   * Add Homepage field to debian/control.
 .
   [ Samuel Thibault ]
   * es.c: Fix buffer overflow (Closes: #507108).
   * Makefile.in: Fix flite link flags (Closes: #577864).
   * debian/control:
     - Add myself in Uploaders.
     - Bump Standards-Version to 3.9.1 (no changes needed).
     - Document that only English is supported.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iF4EAREIAAYFAkxV1oMACgkQjSdX/Wzu6KZFbQEAk7AXErszhCNLb402fu1OZ3R/
bSXe41VLZo7rymiOQigBALKVklypH7PyKIVKgwwyvx1I4ixptRUfPz5QMME/vmoP
=IX71
-----END PGP SIGNATURE-----



--- End Message ---
