Bug#700079: pu: package dtach/0.8-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Dear RMs,
Please accept this stable upload for #625302
CVE-2012-3368 random text sent on window close
The patch is the same as in 0.8-2.1:
[2012-07-07] dtach 0.8-2.1 MIGRATED to testing (Britney)
Thanks,
Stefan
-- System Information:
Debian Release: 6.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-xen-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -u dtach-0.8/debian/changelog dtach-0.8/debian/changelog
--- dtach-0.8/debian/changelog
+++ dtach-0.8/debian/changelog
@@ -1,3 +1,9 @@
+dtach (0.8-2+squeeze1) stable; urgency=low
+
+ * Fix CVE-2012-3368: properly handle close request (Closes: #625302).
+
+ -- Stefan Völkel <stefan@bc-bd.org> Thu, 07 Feb 2013 17:04:48 +0100
+
dtach (0.8-2) unstable; urgency=low
* Updated to Policy version 3.8.1
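Review bot: the new changelog entry says only "properly handle close request", which does not tell a stable-release reviewer what actually changed. Since the rest of this debdiff touches only attach.c, consider naming the file and the change in the entry, for example that the return value of read() on stdin is now checked in a signed variable before it is stored in pkt.len. That makes the entry match the attach.c hunk and makes the CVE-2012-3368 fix auditable from the changelog alone.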
only in patch2:
unchanged:
--- dtach-0.8.orig/attach.c
+++ dtach-0.8/attach.c
@@ -237,12 +237,16 @@
/* stdin activity */
if (n > 0 && FD_ISSET(0, &readfds))
{
+ ssize_t l;
+
pkt.type = MSG_PUSH;
memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
- pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+ l = read(0, pkt.u.buf, sizeof(pkt.u.buf));
- if (pkt.len <= 0)
+ if (l <= 0)
exit(1);
+
+ pkt.len = l;
process_kbd(s, &pkt);
n--;
}
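Review bot: the store `pkt.len = l;` narrows an ssize_t into pkt.len, whose type is not visible in this hunk, so the fix is only correct if every positive value read() can return here (up to sizeof(pkt.u.buf)) fits in that field. A short comment above the assignment, or a compile-time check that sizeof(pkt.u.buf) does not exceed the maximum of pkt.len's type, would document that invariant and keep it from breaking if the buffer is ever enlarged. Two smaller points in the same block: `if (l <= 0)` followed by `exit(1);` still treats every negative return as fatal, so an interrupted read would end the session, and retrying when errno is EINTR would be more robust; and the name `l` is easy to misread as the digit 1 next to `exit(1)`, so something like `nread` would be clearer.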