Your message dated Wed, 05 May 2021 12:33:36 +0000 with message-id <E1leGie-0000lj-Ly@fasolo.debian.org> and subject line Bug#987959: fixed in pev 0.81-3 has caused the Debian Bug report #987959, regarding pev: peres affected by off-by-one error in libpe to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 987959: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987959 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: pev: peres affected by off-by-one error in libpe
- From: Benoit Sevens <benoit.sevens@gmail.com>
- Date: Sun, 02 May 2021 20:27:28 +0200
- Message-id: <161998004814.143827.13124465023429559397.reportbug@bsevens.zrh.corp.google.com>
Package: pev Version: 0.81-2 Severity: grave Tags: patch security Justification: user security hole X-Debbugs-Cc: benoit.sevens@gmail.com, Debian Security Team <team@security.debian.org> Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these template lines *** libpe has an off-by-one error which is fixed upstream. libpe is included in the pev package. peres calls functions within libpe. Running peres on certain files triggers the off-by-one error. Applying the patch fixes the issue. -- System Information: Debian Release: rodete Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.26-1rodete1-amd64 (SMP w/6 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages pev depends on: ii libc6 2.31-11 ii libssl1.1 1.1.1k-1 pev recommends no packages. pev suggests no packages. -- no debconf information>From 5737a97c57be175333fc0c6f51bb2cdd7101c17e Mon Sep 17 00:00:00 2001 From: Jardel Weyrich <jweyrich@gmail.com> Date: Mon, 18 Jan 2021 22:03:49 -0300 Subject: [PATCH] utils: Fix off-by-one error in pe_utils_str_widechar2ascii. --- utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils.c b/utils.c index bd2da84..f05ba67 100644 --- a/utils.c +++ b/utils.c @@ -132,7 +132,7 @@ char *pe_utils_str_array_join(char *strings[], size_t count, char delimiter) { void pe_utils_str_widechar2ascii(char *output, const char *widechar, size_t length) { // quick & dirty UFT16 to ASCII conversion - for (size_t p = 0; p <= length; p++) { + for (size_t p = 0; p < length; p++) { memcpy(output + p, (uint16_t *)(widechar) + p, 1); } }>From 5737a97c57be175333fc0c6f51bb2cdd7101c17e Mon Sep 17 00:00:00 2001 From: Jardel Weyrich <jweyrich@gmail.com> Date: Mon, 18 Jan 2021 22:03:49 -0300 Subject: [PATCH] utils: Fix off-by-one error in pe_utils_str_widechar2ascii. --- utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils.c b/utils.c index bd2da84..f05ba67 100644 --- a/utils.c +++ b/utils.c @@ -132,7 +132,7 @@ char *pe_utils_str_array_join(char *strings[], size_t count, char delimiter) { void pe_utils_str_widechar2ascii(char *output, const char *widechar, size_t length) { // quick & dirty UFT16 to ASCII conversion - for (size_t p = 0; p <= length; p++) { + for (size_t p = 0; p < length; p++) { memcpy(output + p, (uint16_t *)(widechar) + p, 1); } }>From 5737a97c57be175333fc0c6f51bb2cdd7101c17e Mon Sep 17 00:00:00 2001 From: Jardel Weyrich <jweyrich@gmail.com> Date: Mon, 18 Jan 2021 22:03:49 -0300 Subject: [PATCH] utils: Fix off-by-one error in pe_utils_str_widechar2ascii. --- utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils.c b/utils.c index bd2da84..f05ba67 100644 --- a/utils.c +++ b/utils.c @@ -132,7 +132,7 @@ char *pe_utils_str_array_join(char *strings[], size_t count, char delimiter) { void pe_utils_str_widechar2ascii(char *output, const char *widechar, size_t length) { // quick & dirty UFT16 to ASCII conversion - for (size_t p = 0; p <= length; p++) { + for (size_t p = 0; p < length; p++) { memcpy(output + p, (uint16_t *)(widechar) + p, 1); } }
--- End Message ---
--- Begin Message ---
- To: 987959-close@bugs.debian.org
- Subject: Bug#987959: fixed in pev 0.81-3
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 05 May 2021 12:33:36 +0000
- Message-id: <E1leGie-0000lj-Ly@fasolo.debian.org>
- Reply-to: Petter Reinholdtsen <pere@debian.org>
Source: pev Source-Version: 0.81-3 Done: Petter Reinholdtsen <pere@debian.org> We believe that the bug you reported is fixed in the latest version of pev, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 987959@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Petter Reinholdtsen <pere@debian.org> (supplier of updated pev package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 05 May 2021 14:09:18 +0200 Source: pev Architecture: source Version: 0.81-3 Distribution: unstable Urgency: medium Maintainer: Debian QA Group <packages@qa.debian.org> Changed-By: Petter Reinholdtsen <pere@debian.org> Closes: 987959 Changes: pev (0.81-3) unstable; urgency=medium . * QA upload. * Avoid off-by-one error in libpe pe_utils_str_widechar2ascii() (Closes: #987959) * Extended autopkgtest to report if the Windows EXE file is missing. Checksums-Sha1: 37d3db1087419c0268bf35dc1cd81f84b6a50fc4 1829 pev_0.81-3.dsc c496b9c03609ab8c7eb93093aed6e0a864f6dcf8 4388 pev_0.81-3.debian.tar.xz 58ed1750c4ac1a6451b24361c385e0a84e03db23 6442 pev_0.81-3_source.buildinfo Checksums-Sha256: 1c1a31d06efc9d3b991b0181deda31a434b10964b417cdbf47f733623df51585 1829 pev_0.81-3.dsc 94d7965d310ea7d993c73d17d041bbd5d517abd5b11caef45dd8be7204719835 4388 pev_0.81-3.debian.tar.xz a390167ba5ab5bc7fc0782f0ce3ed79f03969c68ff1a497f3ddd286ca5a3e0a0 6442 pev_0.81-3_source.buildinfo Files: 3e4da4a90cc1aa186d5a1b63b17f8767 1829 utils optional pev_0.81-3.dsc 01f70866f9ad1863a805822dc210f77f 4388 utils optional pev_0.81-3.debian.tar.xz 3ee2ad67acd6097653985ce67d512cf5 6442 utils optional pev_0.81-3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAmCSi0gACgkQgSgKoIe6 +w5zAA/8C0SsAHyc8VBHLjaxThaDSqnpUz8d0PmLDqndLfAkV6MSQFYQlDy3PZCL GhhQhWrEj4rHS5FaioaUtyvBBZQLzpp33YADKbOjK9Z495ECHZ9JbkpTAGzUG2VX SO8F8xfO5buROwzfQkT2Qq5In/GFVtghOIv+So6cGKoS2nWV/QP/KEdDSOkFY6IV TWTSFvM9rKzFlnKFEdnpjCwb2PMFIojTB/ySz4rnMgopagMIZs1LgVixJR4hfH7H Gq1B+eAaikxYImCmLdQNr47s4PkodkNqHmSDFzOpbEJ4ClbPY/3T4y6sVf+5H1MO z90u7twknlnOt7YUEvuMUA1eFqBuh2xXUzNVQFQ+ZKefBtUsNkfV5Q0Kk+Kct1Yx hH2jBVm5UaczmAlIkqEqOCY4jvP1NzztFJkyQt1iDHMmzhiBePADD+IGGvR2B2Km khOM0ytdbuXcE/lP2lvsoKqurvj9IRVPfJmc2iN7IcAanSe02tz137FRARPszRid gJg+v06oXIiPiGFwLxeXzWz+qp2yl188Nwh9Te7yvE5uZgeLl9Vc/+wpaacaJtgO BlsvC9DK4GWt6nPRk3j8aiMSXhJxYO35mCNiNs6lmqmWjhSJyTZL67Kwytrti8Gp EbFGDXGm8s5XhIO+GrDW/HyWl4OSqaqgbrvBpno15dYPWeyMb5Y= =DXyX -----END PGP SIGNATURE-----
--- End Message ---