Re: Requesting unblocking of gxine

To: debian-release@lists.debian.org
Subject: Re: Requesting unblocking of gxine
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 8 Jan 2007 21:43:34 +0100
Message-id: <[🔎] slrneq5b7m.353.jmm@inutil.org>
References: <[🔎] 4EA21E7CBC%linux@youmustbejoking.demon.co.uk>

On 2007-01-08, Darren Salt <linux@youmustbejoking.demon.co.uk> wrote:
> Could you allow gxine 0.5.8-2 into etch? Reason is that it fixes bug 405876,
> "segfault on startup with long HOME dir" (which is tagged important, but
> gxine is an optional package).
>
> This version also enables the watchdog code. I chose this over some locking
> bug fixes as the "safer" alternative (it was enabled in Ubuntu at my
> request); however, I consider both to be important. If you think that I
> should include these patches, I'll prepare 0.5.8-3 once 0.5.8-2 is in etch.
>
> Changelog:
>
> gxine (0.5.8-2) unstable; urgency=high
>
>   * SECURITY FIX (local exploit)			(closes: #405876)
>     This version fixes a potential buffer overflow in gxine's server
>     component and in gxine_client. This overflow would occur were $HOME
>     sufficiently long - 94 bytes or more would cause socket creation or
>     connection failure, and 242 bytes or more would cause a segfault or
>     possible arbitrary code execution.

But gxine isn't setuid or setgid?

Cheers,
        Moritz

Reply to:

References:
- Requesting unblocking of gxine
  - From: Darren Salt <linux@youmustbejoking.demon.co.uk>

Prev by Date: Please unblock em8300/0.16.0-2
Next by Date: Re: Bug#402179: tar: FTBFS: race condition in test-suite
Previous by thread: Requesting unblocking of gxine
Next by thread: Re: Requesting unblocking of gxine
Index(es):
- Date
- Thread