
Accepted mixmaster 3.0b2-4.etch1 (source i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 23 Apr 2007 17:14:50 +0200
Source: mixmaster
Binary: mixmaster
Architecture: source i386
Version: 3.0b2-4.etch1
Distribution: stable
Urgency: high
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description: 
 mixmaster  - Anonymous remailer client and server
Closes: 418662
Changes: 
 mixmaster (3.0b2-4.etch1) stable; urgency=high
 .
   * Backport a fix from upstream:
     In two functions in keymgt.c we had allocated a buffer of 33 bytes
     when in fact we were using one more - 34 - bytes.  This buffer
     overflow is exposed when building with gcc 4.x, it never was exposed
     with previous compilers because they apparently laid out the stack
     differently.
     The result of this buffer overflow is that a single 0-byte will be
     written at the end of the buffer.  At that position on the stack
     there is (at least in the previous build) a saved local variable
     from a calling function.  This local variable is a pointer to a
     BUFFER struct and this pointer has its least significant byte
     set to zero.
     This prevents mixmaster from properly decrypting incoming type2
     messages.  It's not likely that this can be exploited to execute
     arbitrary code, tho evidence or argument to the contrary are of course
     welcome.
     Upstream patch:
     http://svn.noreply.org/cgi-bin/viewcvs.cgi/trunk/Mix/Src/keymgt.c?rev=929&r1=766&r2=929
     Closes: #418662
     Thanks to Hauke Lampe and Colin Tuckley.
Files: 
 182afe3dc74d9e42b50ed17c19f12598 659 mail optional mixmaster_3.0b2-4.etch1.dsc
 c2e8f9a416dd3cfa3212a64ce3e379ce 36923 mail optional mixmaster_3.0b2-4.etch1.diff.gz
 c238304be3f333d3b6fa89889ee3f8ca 241782 mail optional mixmaster_3.0b2-4.etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGLjXoz/ccs6+kS90RAto9AJ9CPopB4+Qhd/Adi/Je1iN5hJf8MACeOHHa
S1mZUrzv4No/19a7sJ2o1aY=
=BlLt
-----END PGP SIGNATURE-----


Accepted:
mixmaster_3.0b2-4.etch1.diff.gz
  to pool/main/m/mixmaster/mixmaster_3.0b2-4.etch1.diff.gz
mixmaster_3.0b2-4.etch1.dsc
  to pool/main/m/mixmaster/mixmaster_3.0b2-4.etch1.dsc
mixmaster_3.0b2-4.etch1_i386.deb
  to pool/main/m/mixmaster/mixmaster_3.0b2-4.etch1_i386.deb
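
The off-by-one described in the changelog, as an added example that is not part of the original message and is not the code from keymgt.c: a model of an i386 stack frame in which a buffer sits directly below a saved pointer, filled with 33 characters plus a terminating 0-byte. The function names, the frame layout and the pointer value 0x0804b1c8 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USED 34u  /* 33 characters + terminating 0-byte, per the changelog */

/* i386 stores pointers as 4 little-endian bytes; model that explicitly. */
static void store_le32(unsigned char *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i));
}
static uint32_t load_le32(const unsigned char *p)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Mitigation check: does a string of n_chars plus its terminator fit? */
int fits(size_t buf_len, size_t n_chars) { return n_chars + 1 <= buf_len; }

/* Constructed frame: buf_len bytes of buffer, then the caller's saved
 * pointer. One array holds both, so the overrun stays defined behaviour.
 * Returns the saved pointer as the caller sees it after the fill. */
uint32_t saved_ptr_after_fill(size_t buf_len, uint32_t saved_ptr)
{
    unsigned char frame[USED + 4];
    if (buf_len < USED - 1 || buf_len > USED) return saved_ptr; /* only 33/34 modelled */
    store_le32(frame + buf_len, saved_ptr);
    memset(frame, 'f', USED - 1);  /* bytes 0..32: the 33 characters */
    frame[USED - 1] = 0;           /* byte 33: the terminator */
    return load_le32(frame + buf_len);
}

int main(void)
{
    uint32_t p = 0x0804b1c8u;      /* constructed pointer value */
    printf("33-byte buffer: fits=%d  %08x -> %08x\n", fits(33, 33),
           (unsigned)p, (unsigned)saved_ptr_after_fill(33, p));
    printf("34-byte buffer: fits=%d  %08x -> %08x\n", fits(34, 33),
           (unsigned)p, (unsigned)saved_ptr_after_fill(34, p));
    return 0;
}
```

With the 33-byte buffer the terminator lands on the pointer's least significant byte, so the caller afterwards dereferences a nearby but wrong address; with 34 bytes the pointer is untouched.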


