[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#635370: marked as done (busybox: integer overflow in expression on big endian)

Your message dated Tue, 12 Jun 2012 11:02:26 +0000
with message-id <E1SeOri-00036I-Bm@franck.debian.org>
and subject line Bug#635370: fixed in busybox 1:1.20.0-3
has caused the Debian Bug report #635370,
regarding busybox: integer overflow in expression on big endian
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

635370: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635370
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: busybox
Version: 1.18.5-1
Priority: wishlist

include/archive.h:17: warning: integer overflow in expression

Only shown on big endian architectures. Probably best to replace
     17         XZ_MAGIC1a  = ((0xfd * 256 + '7') * 256 + 'z') * 256 + 'X',
with XZ_MAGIC1a = 0xFD377A58UL directly instead.

The little endian case is probably fine because 0xFD has bit7 on, 'X' off.

--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.20.0-3

We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive:

  to main/b/busybox/busybox-static_1.20.0-3_i386.deb
  to main/b/busybox/busybox-syslogd_1.20.0-3_all.deb
  to main/b/busybox/busybox-udeb_1.20.0-3_i386.udeb
  to main/b/busybox/busybox_1.20.0-3.debian.tar.gz
  to main/b/busybox/busybox_1.20.0-3.dsc
  to main/b/busybox/busybox_1.20.0-3_i386.deb
  to main/b/busybox/udhcpc_1.20.0-3_i386.deb
  to main/b/busybox/udhcpd_1.20.0-3_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635370@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated busybox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Sat, 02 Jun 2012 14:54:04 +0400
Source: busybox
Binary: busybox busybox-static busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source all i386
Version: 1:1.20.0-3
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
 busybox    - Tiny utilities for small and embedded systems
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Closes: 635370 635548
 busybox (1:1.20.0-3) unstable; urgency=low
   * 1.20 had a few fixes which I forgot to mention:
     - integer overflow in expression on big endian (Closes: #635370)
       (I dislike the fix since it makes use of 64bit integers
       instead of using unsigned 32bit, but this is how upstream
       fixed it)
     - CVE-2011-2716 udhcpc insufficient checking of DHCP options (Closes: #635548)
       busybox dhcpd now replaces values of HOST_NAME, DOMAIN_NAME,
       NIS_DOMAIN, TFTP_SERVER_NAME with the literal string "bad"
       if these contains any bad characters.
   * applied stable patches from upstream (ash, man, ifupdown, tar)
 60eeeebaa9063717370174713a4409fdf4990933 1610 busybox_1.20.0-3.dsc
 20bd5adcbfb32bac41a7eb963cba80b1fcad3ae1 51184 busybox_1.20.0-3.debian.tar.gz
 31eb0e1882901dad5b50e6ad218c28aebfc93bda 19356 busybox-syslogd_1.20.0-3_all.deb
 488f5a0b1d0637eb6abfbc34de7a84bd6e0cefec 876936 busybox-static_1.20.0-3_i386.deb
 d06d577af0abc7c8bfbd01fd1c413c3fb45857da 439684 busybox_1.20.0-3_i386.deb
 81829b2a3d7e6fb47d46e5db9d06fd6feef2708e 17018 udhcpc_1.20.0-3_i386.deb
 10569b7d28e824c66d96a874a24e31198addda69 20324 udhcpd_1.20.0-3_i386.deb
 7a8555d042c945faa7e193e185f23932eaabf1fe 202436 busybox-udeb_1.20.0-3_i386.udeb
 fd70216c557d46c231d9d93c0dcb80d7ccf3275867031386a38d5298327101ee 1610 busybox_1.20.0-3.dsc
 435bb91ded64e074970496ba1da6cbe1bbaf7708780adbc43bcf378d31c5e843 51184 busybox_1.20.0-3.debian.tar.gz
 a2ad958a1fa02e8440a26319c06952ea3c08928a6f4e16174ef21c01dc1c2b04 19356 busybox-syslogd_1.20.0-3_all.deb
 e1cab2095e871c921c0d312985c280edb4b51b4a5f0b06a384f39d98434d223c 876936 busybox-static_1.20.0-3_i386.deb
 dfe0701e61071ee42a77f4683bfa13f8c04f2485198ec8ccadc4a01997e49c07 439684 busybox_1.20.0-3_i386.deb
 902815928b6158766d304673389003ef444c702cae4b1b73a101b1e6d5c05ae4 17018 udhcpc_1.20.0-3_i386.deb
 5407d304ab7d0605aa7390d72b9d77bf56e7b76c7a24b8786e70c917ba8a3fb9 20324 udhcpd_1.20.0-3_i386.deb
 d04c402a94477bd4d891c7ad28bf7f3ff303cc0770a0c93ba317f98e8f1dbc71 202436 busybox-udeb_1.20.0-3_i386.udeb
 9512e17e0b1105f7a8c14a21ed30b1d6 1610 utils optional busybox_1.20.0-3.dsc
 e9640d24fc54a4bc8909bd6c228f3e6c 51184 utils optional busybox_1.20.0-3.debian.tar.gz
 300214c269a3dedc63e2d790b8a3ad9c 19356 utils optional busybox-syslogd_1.20.0-3_all.deb
 62dca991bfbf4b4a10e4b7bd19834684 876936 shells extra busybox-static_1.20.0-3_i386.deb
 7aaa4659813e6cde9123ed8d51981dc8 439684 utils optional busybox_1.20.0-3_i386.deb
 3fdec9a078bee1da61ac28ae6d543ece 17018 net optional udhcpc_1.20.0-3_i386.deb
 104d66badb26a1ecfd8b6f7614a1441a 20324 net optional udhcpd_1.20.0-3_i386.deb
 49722875a87faf8577c8bec8ea0a59e0 202436 debian-installer extra busybox-udeb_1.20.0-3_i386.udeb

Version: GnuPG v1.4.12 (GNU/Linux)


--- End Message ---

Reply to: