Bug#713037: marked as done (xtermset overruns array bounds)

To: Chrysostomos Nanakos <cnanakos@debian.org>
Subject: Bug#713037: marked as done (xtermset overruns array bounds)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 29 Jul 2015 16:03:12 +0000
Message-id: <[🔎] handler.713037.D713037.143818564320734.ackdone@bugs.debian.org>
References: <E1ZKTmZ-0000vG-R9@franck.debian.org> <CAMZ=zj4d4v+P8eA8dw6NyaR62+vCyJrLkDcuc=zVt9j8nTVeiQ@mail.gmail.com>

Your message dated Wed, 29 Jul 2015 16:00:39 +0000
with message-id <E1ZKTmZ-0000vG-R9@franck.debian.org>
and subject line Bug#713037: fixed in xtermset 0.5.2-6
has caused the Debian Bug report #713037,
regarding xtermset overruns array bounds
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
713037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713037
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: xtermset overruns array bounds

From: David Starner <prosfilaes@gmail.com>

Date: Fri, 21 Jun 2013 16:13:30 -0700

Message-id: <CAMZ=zj4d4v+P8eA8dw6NyaR62+vCyJrLkDcuc=zVt9j8nTVeiQ@mail.gmail.com>
Package: xtermset
Version: 0.5.2-5
Tags: patch

https://buildd.debian.org/~brlink/packages/x/xtermset.html warns that
it overrunns array bounds. Looking at the code, it defines a couple
arrays as c[2] and then writes to c[2], so there's a clear problem
here. It's confusing what they get indexed on, but running gdb on it
convinces me that 2 should be the highest index value, and hence the
arrays should be large enough with the patch.

It's really overwriting memory that it shouldn't. I don't know if it
coincidently works, or if it's not working right in rare circumstances
right now, but it is wrong.

--
Kie ekzistas vivo, ekzistas espero.
Attachment: xtermset-overrun.diff
Description: Binary data

--- End Message ---

--- Begin Message ---

To: 713037-close@bugs.debian.org
Subject: Bug#713037: fixed in xtermset 0.5.2-6
From: Chrysostomos Nanakos <cnanakos@debian.org>
Date: Wed, 29 Jul 2015 16:00:39 +0000
Message-id: <E1ZKTmZ-0000vG-R9@franck.debian.org>

Source: xtermset
Source-Version: 0.5.2-6

We believe that the bug you reported is fixed in the latest version of
xtermset, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 713037@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chrysostomos Nanakos <cnanakos@debian.org> (supplier of updated xtermset package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Jul 2015 14:20:32 +0300
Source: xtermset
Binary: xtermset
Architecture: source
Version: 0.5.2-6
Distribution: unstable
Urgency: medium
Maintainer: Chrysostomos Nanakos <cnanakos@debian.org>
Changed-By: Chrysostomos Nanakos <cnanakos@debian.org>
Description:
 xtermset   - change the characteristics of an xterm
Closes: 614803 713037
Changes:
 xtermset (0.5.2-6) unstable; urgency=medium
 .
   * New maintainer (Closes: #614803)
   * Update S-V to 3.9.6
   * Fix array bounds overruns. Thanks David Starner <prosfilaes@gmail.com>
     for the patch (Closes: #713037)
   * Lintian cleaning
Checksums-Sha1:
 f74415f4426bb4e98ec6e25b777fe3844d3f614f 1865 xtermset_0.5.2-6.dsc
 cf6ce5d0c32d4f695330f784e3bda863b1b8aa57 46328 xtermset_0.5.2.orig.tar.gz
 d8bc4958774f0ddc61fefb3a2ec90302b3ea5ef3 5088 xtermset_0.5.2-6.debian.tar.xz
Checksums-Sha256:
 1812815de72327539b2c6dbb3eb67e253e58b6ed641b0f344b85719bce6152f8 1865 xtermset_0.5.2-6.dsc
 3f1e086e34980ffa4a26d9a5a68ecb50abe774bedb3789e964e83c7b5c255b9c 46328 xtermset_0.5.2.orig.tar.gz
 b49e8944b499207e70e10e6525c0d1e756a12163f83bec3e6e6813d2e45f8e4f 5088 xtermset_0.5.2-6.debian.tar.xz
Files:
 e1bda462d0f4003f09d09860ef060253 1865 x11 optional xtermset_0.5.2-6.dsc
 36c9273884ed74e8b872adb3622d50d9 46328 x11 optional xtermset_0.5.2.orig.tar.gz
 faacbb38ebd4d1bef0e1cef6f7beb583 5088 x11 optional xtermset_0.5.2-6.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVuNl9AAoJEIc96jCdE4B/qZcP/36rsywy/0gFhisd6mF64T11
SFLqphIZ9FBrJ1pac3sMipSjMFwbAWTNtTqkKFDqXlFYz1sIRnSXAifJJKyP4ZkW
AZo0wYzBCdyD6ZhgTwmm3waG6Vph9hdJkkOeZPH2vSzgtPmKcFwyLM5b2o25WayB
Xo+axV1Wwa5UNyMuS93J5x5qgD5Oy4w4B7ovtHoIUHfgLcAEgj/wICyehcQN4ysk
1RvWtlKDCnlp/haGNkn3O/DYNu5HhBTzY17yq1to38VyKFGU96Cta0BU4Qz2iblg
Dc5xiJbE8mgAONivCJBpR7Pl2zcSalKbzKjUBgyYk2BvJC5eW/i/x/1UVWUzxtLG
qkhPhQX0jX72bbLGg0FmHVJ5FtVaDBIUbCAFPljF2JW7YaIE3d7SLldO3+aHND7Z
qGuitDKqQwMq0z0JXB68a/hNZ4J64HLwgQeyc2x00B0cfQQ553DnPNHFJu1MQLoP
Dj3WPxxuzIkCVmsBYtfEQPKf5fh0aZeXnegCVdb1TqoIe3KFRqXW6JUpfa8ofwOC
lDQr4+/sdBSuCw437pa6dKiG7NUuURjqbNcGXjPM/GMsAZZdDz/hjfwUm4jxxouT
FBbOdrLX2u5UlOFMaCtbNEAfKlHPbNP/EDs9FIWulcU13XRLNz5YGzBnmAEmXbSP
/9D/CnDqaatQPLVQWhRi
=Puvq
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: grun_0.9.3-2_amd64.changes ACCEPTED into unstable
Next by Date: Processing of album_4.12-4_amd64.changes
Previous by thread: grun_0.9.3-2_amd64.changes ACCEPTED into unstable
Next by thread: Processing of album_4.12-4_amd64.changes
Index(es):
- Date
- Thread