Re: Please accept sarg-2.0.7-1 in sarge
Quoting Steve Langasek <vorlon@debian.org>:
. Fixes segfault, produced by inproper use of strncpy functions,
look - strncpy
doesn't copy leading '\0' symbol!
Can you explain the impact of this segfault?
While generating the index file parsing directories if the month string is
longer than 3 char a strncpy call in index.c generates a not null-terminated
string that is subsequently passed to a strcat, resulting in a segfault.
With an unpatched binary the workaround is to rename the offending directory,
otherwise sarg will continue to segfault.
Sarg does not have rdepends and really can do no harm... :-)
The harm it does is adding to the release team's load if a new RC bug is
found in the newer version you're proposing. Given the time constraints
that apply to reviewing each request, we must assume that this risk always
exists, so only packages that fix specific bugs will be allowed in now that
we've frozen.
I do know. Just kidding while asking for something out of the rules... :-)
Regards,
L
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Reply to: