
Re: Please accept sarg-2.0.7-1 in sarge



Quoting Steve Langasek <vorlon@debian.org>:
. Fixes segfault, produced by improper use of strncpy functions, look - strncpy
  doesn't copy leading '\0' symbol!

Can you explain the impact of this segfault?

While generating the index file, when parsing directories, if the month string
is longer than 3 chars, a strncpy call in index.c generates a non-null-terminated
string that is subsequently passed to strcat, resulting in a segfault.

With an unpatched binary the workaround is to rename the offending directory,
otherwise sarg will continue to segfault.

Sarg does not have rdepends and really can do no harm... :-)

The harm it does is adding to the release team's load if a new RC bug is
found in the newer version you're proposing.  Given the time constraints
that apply to reviewing each request, we must assume that this risk always
exists, so only packages that fix specific bugs will be allowed in now that
we've frozen.

I do know. Just kidding while asking for something out of the rules... :-)

Regards,

L
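
The failure mode described in this message, as an added example that is not part of the original post and is not sarg's code: strncpy leaves the destination unterminated when the source fills the whole buffer, shown next to a bounded copy that always terminates. The 4-byte buffer, the function names and the sample month strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MONTH_BUF 4   /* assumed size: 3-letter month such as "Jan" plus '\0' */

/* Pattern from the message: strncpy writes at most n bytes and adds no
 * '\0' when the source has n or more characters.
 * Returns 1 if dst is NUL-terminated inside dst_size, 0 if it is not
 * (a later strcat on dst would then read past the buffer). */
int copy_month_unsafe(char *dst, size_t dst_size, const char *src)
{
    memset(dst, 'X', dst_size);        /* stand-in for stale memory contents */
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* Hardened copy: bounded, always terminated, and truncation is reported
 * so the caller can reject the directory name instead of using it.
 * Returns 0 on success, -1 if src did not fit. */
int copy_month_safe(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    int n = snprintf(dst, dst_size, "%s", src);
    return (n < 0 || (size_t)n >= dst_size) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: an expected month and an over-long one. */
    const char *names[] = { "Jan", "January" };
    char month[MONTH_BUF];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int terminated = copy_month_unsafe(month, sizeof month, names[i]);
        printf("%-8s strncpy terminated: %s\n", names[i],
               terminated ? "yes" : "NO");

        int rc = copy_month_safe(month, sizeof month, names[i]);
        printf("%-8s snprintf rc=%d -> \"%s\"\n", names[i], rc, month);
    }
    return 0;
}
```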
