Accepted osh 1.7-12 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 28 Dec 2002 01:12:58 +0900
Source: osh
Binary: osh
Architecture: source i386
Version: 1.7-12
Distribution: unstable
Urgency: high
Maintainer: Oohara Yuuma <oohara@debian.org>
Changed-By: Oohara Yuuma <oohara@debian.org>
Description:
 osh - Operator's Shell
Closes: 168383
Changes:
 osh (1.7-12) unstable; urgency=high
 .
   * urgency set to high because this version fixes a buffer overflow
     that may cause unauthorized privilege escalation (I'm not sure,
     but this is a setuid root shell, so you can't be too careful)
   * main.c, struct.h: hacked gettoken() so that it can check the size of
     the buffer (closes: #168383) (my patch in #168383 has one bug ---
     gettoken() has to check if iword_length >= 2, not 1)
   * note that the upstream put some arbitrary restrictions:
     - max length of file name: 31
     - max length of word (for example, command name): 19
     - max length of environment variable: 39
Files:
 ae52e94b819195fe78ac08b6be841e38 553 shells extra osh_1.7-12.dsc
 5d0549cd5ac5a699946c3c0ebea192be 11661 shells extra osh_1.7-12.diff.gz
 b9a46d79fa43ea9f3e07cbb3a7128ba6 26782 shells extra osh_1.7-12_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+DI8FQNb0LvRkppURApmxAKDAbgm10HnViRNPgSaizj5XMwiWRQCdHvnU
Rgihinf3Eype7515asCRexA=
=RlIr
-----END PGP SIGNATURE-----
Accepted:
osh_1.7-12.diff.gz
  to pool/main/o/osh/osh_1.7-12.diff.gz
osh_1.7-12.dsc
  to pool/main/o/osh/osh_1.7-12.dsc
osh_1.7-12_i386.deb
  to pool/main/o/osh/osh_1.7-12_i386.deb