
Accepted osh 1.7-12 (i386 source)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 28 Dec 2002 01:12:58 +0900
Source: osh
Binary: osh
Architecture: source i386
Version: 1.7-12
Distribution: unstable
Urgency: high
Maintainer: Oohara Yuuma <oohara@debian.org>
Changed-By: Oohara Yuuma <oohara@debian.org>
Description: 
 osh        - Operator's Shell
Closes: 168383
Changes: 
 osh (1.7-12) unstable; urgency=high
 .
   * urgency set to high because this version fixes a buffer overflow
     that may cause unauthorized privilege escalation (I'm not sure,
     but this is a setuid root shell, so you can't be too careful)
   * main.c, struct.h: hacked gettoken() so that it can check the size of
     the buffer (closes: #168383) (my patch in #168383 has one bug ---
     gettoken() has to check if iword_length >= 2, not 1)
   * note that the upstream put some arbitrary restrictions:
     - max length of file name: 31
     - max length of word (for example, command name): 19
     - max length of environment variable: 39
Files: 
 ae52e94b819195fe78ac08b6be841e38 553 shells extra osh_1.7-12.dsc
 5d0549cd5ac5a699946c3c0ebea192be 11661 shells extra osh_1.7-12.diff.gz
 b9a46d79fa43ea9f3e07cbb3a7128ba6 26782 shells extra osh_1.7-12_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+DI8FQNb0LvRkppURApmxAKDAbgm10HnViRNPgSaizj5XMwiWRQCdHvnU
Rgihinf3Eype7515asCRexA=
=RlIr
-----END PGP SIGNATURE-----


Accepted:
osh_1.7-12.diff.gz
  to pool/main/o/osh/osh_1.7-12.diff.gz
osh_1.7-12.dsc
  to pool/main/o/osh/osh_1.7-12.dsc
osh_1.7-12_i386.deb
  to pool/main/o/osh/osh_1.7-12_i386.deb


