[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#803097: marked as done (busybox: segmentation fault while unzipping bad archive)



Your message dated Sat, 31 Oct 2015 04:48:51 +0000
with message-id <E1ZsO5z-0002Ch-Dw@franck.debian.org>
and subject line Bug#803097: fixed in busybox 1:1.17.1-8+deb6u11
has caused the Debian Bug report #803097,
regarding busybox: segmentation fault while unzipping bad archive
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
803097: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803097
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: buzybox
Version: 1:1.22.0-15
Severity: normal
Tags: security, fixed-upstream

Unziping a specially crafted zip file results in a computation of an invalid
pointer and a crash reading an invalid address.

Mailing list post:
  http://www.openwall.com/lists/oss-security/2015/10/25/3
Fix:
  http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWLn2SAAoJECet96ROqnV0Na0QAMltt4Ou89+Y1MygWLoME4or
TJTdvBlUmZhkZAKup6ZbnrdRsF/sUZZB62F/2DibIbtL3bEbSypfOHsg6P/+Q/j9
vxxxD/yJ1Ry1/Qqseox1Ye7IuoqIto2Gey88bhZVRjHNPBXY3wBQfBF7IbJIpnZH
+Lr5uVb8+4vIXy3iKbxLhXY7/hNj19Lg4n4AqQVq/Lbqz1ZLQUAdsOAulrN1l9bJ
lcFvtZ5kxWS8a2du+qIfpy14avdpv+rrD+StWbkzbemri9XZpDyGeeFvhg/BQMz/
n+4P5c8B5GVa7IZRxtVTc8tRV2gv3LvipewXxXdX7xxYfXt4iw8SHtFxvUxAD6JM
l8dXuSdWFxVKHkf7T8o7refxTyuZ0mY3fmRmpi1dLJiRRegoCarlSs/1YbgjCdp9
R0Y5aS+QWrVRrIcq9BYnCxDa+lBmuMpb6qNFYCVmXideI6RyR3Q+us/aNn/sOCPQ
AoKu2tHstHISigTzIjJMVERHBoJInciF4XnxpKJ6XXXIj/1UGNtlRyIpkfY6G2BP
ygiTwrtyKLAy3hXNd2rgoWjBW1MkSpg9izumH3E8Pfah+jLqJD/WuBR56yLFL76X
PECdqv/tojzqOTgSCxNsvqlP8h8f8FIxXH87xvKyXfOigPw+tMGTeO3q+uCSPak5
O1B2G9rwbzoiBpO7ungy
=PGtQ
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.17.1-8+deb6u11

We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803097@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated busybox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 31 Oct 2015 04:39:59 +0000
Source: busybox
Binary: busybox busybox-static busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source all amd64
Version: 1:1.17.1-8+deb6u11
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description: 
 busybox    - Tiny utilities for small and embedded systems
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Closes: 803097
Changes: 
 busybox (1:1.17.1-8+deb6u11) squeeze-lts; urgency=high
 .
   * Fix segmentation fault while unzipping bad archive (Closes: #803097)
Checksums-Sha1: 
 f91687e67c197caced447b5ef6f3f85d460ea810 1792 busybox_1.17.1-8+deb6u11.dsc
 40c3f45830c936235e3086b584cd63935cff7f75 66759 busybox_1.17.1-8+deb6u11.debian.tar.gz
 59bc4752ea751d4c1a592aad3395f58fd86f919c 13590 busybox-syslogd_1.17.1-8+deb6u11_all.deb
 eea447ab967afb9eb5bd9ba464b6c04783bca959 11214 udhcpc_1.17.1-8+deb6u11_all.deb
 6fac1b5219b86ae593b5a6535b670955fcd584c3 14526 udhcpd_1.17.1-8+deb6u11_all.deb
 25db472490d4ec85555bea9cb582187a22e1724b 336554 busybox_1.17.1-8+deb6u11_amd64.deb
 654d8ba6c1fcd83ef1a19aab74660b9d37567da6 959082 busybox-static_1.17.1-8+deb6u11_amd64.deb
 ce80c4a42f28ac55e89c2a69341db2b5fbdde071 160216 busybox-udeb_1.17.1-8+deb6u11_amd64.udeb
Checksums-Sha256: 
 292502ef4f97da7070b7c8940f2ff6ccc0877cb0c341e68519b6b0433733652c 1792 busybox_1.17.1-8+deb6u11.dsc
 e1d75aaa6323f9735e1ed35862fa34099e10aa40823d740039b6ebcd86a7053f 66759 busybox_1.17.1-8+deb6u11.debian.tar.gz
 cdf3a689407c5bd707ddec369ed54056a0ae8df1a110ef6ece9792e1de9c2229 13590 busybox-syslogd_1.17.1-8+deb6u11_all.deb
 6f7a1ba33ae906ea5c99c2c349bacedb34bf7e01d8c59948e37cb7ad91043f92 11214 udhcpc_1.17.1-8+deb6u11_all.deb
 f26849dee5c31e3ccee9eb7c90f73203087e7a98a9328030eff1bfd5da83e324 14526 udhcpd_1.17.1-8+deb6u11_all.deb
 4305684d6ea2a3fe230b9094bcf2676a6f9f01b740b7742967a346bedf4d0d6a 336554 busybox_1.17.1-8+deb6u11_amd64.deb
 02d9e424fb7a62c03acb16675c1244e1ef12cd6b086f1f27d570a4869ac60c35 959082 busybox-static_1.17.1-8+deb6u11_amd64.deb
 c82946c33d1c66eba33261e6e8a579d8f112a6bf23e587e98cff06e27dc134b8 160216 busybox-udeb_1.17.1-8+deb6u11_amd64.udeb
Files: 
 51a69f10195dd5c9d3decd0f6307a0b0 1792 utils optional busybox_1.17.1-8+deb6u11.dsc
 9d698b439286cfcfe1d0a5a431315b7d 66759 utils optional busybox_1.17.1-8+deb6u11.debian.tar.gz
 cac65a68920eb6d6b2a3528f3c5dec04 13590 utils optional busybox-syslogd_1.17.1-8+deb6u11_all.deb
 e104409343fbaab779b5e5bb61f6db4a 11214 net optional udhcpc_1.17.1-8+deb6u11_all.deb
 6d673ff48defbda3bcc16683f40231eb 14526 net optional udhcpd_1.17.1-8+deb6u11_all.deb
 efa900cdf381287b38b02c01236b018d 336554 utils optional busybox_1.17.1-8+deb6u11_amd64.deb
 9b248b5c3b43a54a290709b8bec5961f 959082 shells extra busybox-static_1.17.1-8+deb6u11_amd64.deb
 73732e188feed6730aca35335d8bbc04 160216 debian-installer extra busybox-udeb_1.17.1-8+deb6u11_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWNEbWAAoJEB6VPifUMR5Y3kEQAIQDb50FP0ABXEJvoXd/HxTz
mkaLIs5LfkznNtKB1sFXqnFgNqbYF/Fnad3dFHd5dhoudSc4Tnw5iR/oqXnNc9dB
NXQcjceFZao5Lh+gaV3Fc9/pDKNXTNIJcR9N7EqYqut3VFiRl7K66z3HDEszIkIU
D6HTqsCdI7jI9XNMWQOWpj5yWZTVLYATkb0EPnROcmbSx8/ZNSfCWKiOMEdTAin9
zA/T+Y87+60wf2XAzhqZvSmXlObcOMW18tT9n43gV+tGTCU9KXI/cUCdk9Jr3mBb
KOx8nvrpyMqoDnDsWcUl5DS8ZWCtI/5ssEjVPUjWl8M10K8Ng4R+cUHCHWq0vpSB
iHA48Xasm4X1SYnguRfoj+Z1N0OV0FI3UoQYixnkOvMwpnXKuPlIqE9fvw5kPHwx
b/j9BfUrzwf4V+9qmGygLZJlXAq1Rnhc22g7XG4WwVatXHpalzRqVgi3o4+E/98v
MMea1XXT5RgoFbJTjR/9XhP6bnVGSbnzb0D0gwk24KH98lOifzw/px8caI6qBCOl
bmquCYgydovnIuoV9obzG/9VhuhaM1B1WaCNa270WP0/0TQRDqcuBbxRZmrY2GZf
s8+PG3u9bYit14MlUfnw9Sg2GwMn+97PRXUxU+kE/QG7EDL0efRYDesxWkqiUbxu
50oi8R0funkl7OYQjfPj
=OWH+
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: