Requesting unblocking of gxine
Could you allow gxine 0.5.8-2 into etch? Reason is that it fixes bug 405876,
"segfault on startup with long HOME dir" (which is tagged important, but
gxine is an optional package).
This version also enables the watchdog code. I chose this over some locking
bug fixes as the "safer" alternative (it was enabled in Ubuntu at my
request); however, I consider both to be important. If you think that I
should include these patches, I'll prepare 0.5.8-3 once 0.5.8-2 is in etch.
Changelog:
gxine (0.5.8-2) unstable; urgency=high
* SECURITY FIX (local exploit) (closes: #405876)
This version fixes a potential buffer overflow in gxine's server
component and in gxine_client. This overflow would occur were $HOME
sufficiently long - 94 bytes or more would cause socket creation or
connection failure, and 242 bytes or more would cause a segfault or
possible arbitrary code execution.
* Enabled the watchdog code (which will kill gxine if it gets stuck for
30 seconds).
-- Darren Salt <linux@youmustbejoking.demon.co.uk> Sun, 07 Jan 2007 19:32:05 +0000
--
| Darren Salt | linux or ds at | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Output *more* particulate pollutants. BUFFER AGAINST GLOBAL WARMING.
It now costs more to amuse a child than it once did to educate his father.
Reply to: