[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#603070: unblock: rssh/2.3.2-13



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock rssh 2.3.2-13, which fixes a memory allocation programming
error that leads to a one-byte buffer overflow.  The overflow only
involves data coming from local configuration or static in the program and
therefore should not be exploitable, but since it's a one-line patch and
memory overwrites are scary, I'd like to get this fixed for squeeze.

Changelog:

  * When allocating the buffer to tell a locked-out user what commands are
    supported, add an additional byte for the nul at the end of the
    string.  (Closes: #601145)

unblock rssh/2.3.2-13

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



Reply to: