
Bug#227759: marked as done ([CAN-2003-0988] kdepim-kfile-plugins: VCF file information reader arbitrary code execution vulnerability)



Your message dated Mon, 1 Mar 2004 00:08:20 +0200
with message-id <20040229220820.GA30630@kos.to>
and subject line Testing fixed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Jan 2004 21:30:35 +0000
>From abrowaeys@libertysurf.fr Wed Jan 14 15:30:35 2004
Return-path: <abrowaeys@libertysurf.fr>
Received: from mail.libertysurf.net [213.36.80.91] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Agsaw-0001OE-00; Wed, 14 Jan 2004 15:30:35 -0600
Received: from argos.server.maison (212.129.22.96) by mail.libertysurf.net (6.5.033)
        id 3FFAFB1D00A9EA11; Wed, 14 Jan 2004 22:30:34 +0100
Received: from prahal by argos.server.maison with local (Exim 3.36 #1 (Debian))
	id 1AgsjZ-0003Zi-00; Wed, 14 Jan 2004 22:39:29 +0100
Date: Wed, 14 Jan 2004 22:39:28 +0100
From: Alban Browaeys <albanbrowaeys@oreka.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kdepim-kfile-plugins: KDE Security Advisory: VCF file information reader vulnerability
Message-ID: <20040114213928.GA13734@argos.server>
Reply-To: Alban Browaeys <albanbrowaeys@oreka.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="17pEHd4RhPHOinZp"
Content-Disposition: inline
X-Reportbug-Version: 2.37
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: Alban Browaeys <abrowaeys@libertysurf.fr>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_01_14 
	(1.212-2003-09-23-exp) on master.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no 
	version=2.60-bugs.debian.org_2004_01_14
X-Spam-Level: 


--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Package: kdepim-kfile-plugins
Version: 3.1.4
Severity: critical
Tags: security
Justification: root security hole

Hem, not really root, I admit:
http://www.kde.org/info/security/advisory-20040114-1.txt

A patch for KDE 3.1.4 is available from
ftp://ftp.kde.org/pub/kde/security_patches : 

26469366cc393e50ff80d6dca8c74c58
post-3.1.4-kdepim-kfile-plugins.diff


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux argos 2.6.1 #2 Sun Jan 11 04:19:23 CET 2004 i686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro


--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="post-3.1.4-kdepim-kfile-plugins.diff"

--- vcf/kfile_vcf.cpp     2003-07-16 21:12:41.000000000 +0200
+++ vcf/kfile_vcf.cpp     2003-12-16 15:38:20.000000000 +0100
@@ -90,17 +90,17 @@
     while (!done) {
     
         // read a line
-        file.readLine(linebuf, 4096);
+        file.readLine(linebuf, sizeof(linebuf));
         
         // have we got something useful?
         if (memcmp(linebuf, id_name, 3) == 0) {
             // we have a name
             myptr = linebuf + 3;
-            strncpy(buf_name, myptr, 999);
+            strlcpy(buf_name, myptr, sizeof( buf_name ));
         } else if (memcmp(linebuf, id_email, 15) == 0) {
             // we have a name
             myptr = linebuf + 15;
-            strncpy(buf_email, myptr, 999);
+            strlcpy(buf_email, myptr, sizeof( buf_email ));
         }
         
         // are we done yet?
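
Review bot: the result of `file.readLine(linebuf, sizeof(linebuf))` at the top of the loop is still discarded, so on a failed or empty read the `memcmp` calls and both `strlcpy` copies work on whatever `linebuf` held from the previous iteration; check the return value and leave the loop on error or end of file before comparing. The new `sizeof(linebuf)`, `sizeof( buf_name )` and `sizeof( buf_email )` bounds are correct only if all three are arrays declared in this scope; the declarations are outside the hunk, so confirm none of them is a pointer, where `sizeof` would give the pointer size instead of the buffer size. `strlcpy` is not an ISO C function, so the build has to supply it on platforms whose libc lacks it. Minor: the comment on the `id_email` branch still reads `// we have a name`.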


--17pEHd4RhPHOinZp--

---------------------------------------
Received: (at 227759-done) by bugs.debian.org; 29 Feb 2004 22:08:36 +0000
>From nchip@kos.to Sun Feb 29 14:08:36 2004
Return-path: <nchip@kos.to>
Received: from xdsl-177-5.nblnetworks.fi (watergate.kos.to) [217.30.177.5] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AxZ6y-0006GN-00; Sun, 29 Feb 2004 14:08:36 -0800
Received: from nchip by watergate.kos.to with local (Exim 4.24)
	id 1AxZ6i-0007yG-La
	for 227759-done@bugs.debian.org; Mon, 01 Mar 2004 00:08:20 +0200
Date: Mon, 1 Mar 2004 00:08:20 +0200
From: Riku Voipio <riku.voipio@iki.fi>
To: 227759-done@bugs.debian.org
Subject: Testing fixed
Message-ID: <20040229220820.GA30630@kos.to>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-message-flag: Warning: message not sent with a DRM-Certified client
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: Riku Voipio <nchip@kos.to>
Delivered-To: 227759-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_02_27 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no 
	version=2.60-bugs.debian.org_2004_02_27
X-Spam-Level: 

Hi,

We have 3.1.5-1.1 in testing now too.
-- 
Riku Voipio  	       |    riku.voipio@iki.fi         |
kirkkonummentie 33     |    +358 40 8476974          --+--
02140 Espoo            |                               |
dark> A bad analogy is like leaky screwdriver          |


