Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)

To: Thiemo Seufer <ica2_ts@csv.ica.uni-stuttgart.de>
Cc: 280492@bugs.debian.org, sf@sfritsch.de, control@bugs.debian.org
Subject: Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
From: Horms <horms@debian.org>
Date: Wed, 19 Jan 2005 12:08:26 +0900
Message-id: <[🔎] 20050119030823.GF17239@verge.net.au>
Reply-to: Horms <horms@debian.org>, 280492@bugs.debian.org
In-reply-to: <[🔎] 20050118182147.GB20005@rembrandt.csv.ica.uni-stuttgart.de>
References: <20050117060702.GA4511@verge.net.au> <E1CRd1G-0008Cg-7G@k.local> <handler.280492.D280492.11059420996135.notifdone@bugs.debian.org> <[🔎] Pine.LNX.4.58.0501171036001.7071@neo.t30.physik.tu-muenchen.de> <[🔎] 20050118080709.GA29463@verge.net.au> <[🔎] 20050118182147.GB20005@rembrandt.csv.ica.uni-stuttgart.de>

reassign 280492 kernel-image-2.4.27-alpha
thanks

On Tue, Jan 18, 2005 at 07:21:47PM +0100, Thiemo Seufer wrote:
> Horms wrote:
> [snip]
> > The patch from ultramonkey.org above was fished out of 
> > a Red Hat Kernel RPM (by me). It still seems to be used
> > in their latest kernel (27.0.1.EL.um.1), so I am going to apply that.
> > But for the other architectures (mips and alpha) there does not
> > seem to be a fix available.
> 
> Mips uses the generic version, the non-padding assembly one does only
> to_user/from_user, which is uncritical.
> 
> > To be honest I am pretty dubious about the security tag
> > on this bug, I don't believe there is a known exploit
> > and at best the bug seems to be regarded as being minor.
> > Would it be acceptable to remove the security tag? 
> 
> It could lead to involuntary disclosure of sensitive data.
> 
> > Would you be happy to have the bug closed by application of the patch
> > you suggested? Or do you want to hold it open because of the
> > outstanding mips and alpha problem? I am pretty tempted to mark it as
> > upstream and wontfix and reprioritise as wishlist if that is the case.
> > Perhaps splitting and reassigning to the relevant misps and alpha
> > kernel-image packages.
> 
> AFAICS reassigning to alpha is ok.

Done :)

-- 
Horms

Reply to:

Follow-Ups:
- Processed: Re: Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
  - From: sf@sfritsch.de
- Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
  - From: Horms <horms@verge.net.au>
- Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
  - From: Thiemo Seufer <ica2_ts@csv.ica.uni-stuttgart.de>

Prev by Date: Bug#291107: kernel-patch-debian-2.6.9: bashism in apply/debian file
Next by Date: Bug#291039: kernel-patch-debian-2.6.10: bashism in apply file
Previous by thread: Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
Next by thread: Processed: Re: Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
Index(es):
- Date
- Thread