--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi Release Team!
cfingerd in unstable addresses CVE-2013-1049 to fix a buffer overflow
in rfc1413 (ident) client. See #700098.
Would it be possible to have cfingerd unblocked for wheezy? Debdiff
against the version in Wheezy ist attached.
unblock cfingerd/1.4.3-3.1
Thank you for your work, and regards,
Salvatore
Base version: cfingerd_1.4.3-3 from testing
Target version: cfingerd_1.4.3-3.1 from unstable
No hints in place.
Excuses:
debian/changelog | 9 +++++++++
src/rfc1413.c | 6 ++++--
2 files changed, 13 insertions(+), 2 deletions(-)
diff -u cfingerd-1.4.3/debian/changelog cfingerd-1.4.3/debian/changelog
--- cfingerd-1.4.3/debian/changelog
+++ cfingerd-1.4.3/debian/changelog
@@ -1,3 +1,12 @@
+cfingerd (1.4.3-3.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * [SECURITY] CVE-2013-1049: fix buffer overflow in rfc1413 (ident) client.
+ Thanks to Malcolm Scott <debianpkg@malc.org.uk> and Marc Deslauriers
+ <marc.deslauriers@ubuntu.com> (Closes: #700098) (LP: #1104425)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sat, 09 Feb 2013 18:38:28 +0100
+
cfingerd (1.4.3-3) unstable; urgency=low
* Approve NMU
diff -u cfingerd-1.4.3/src/rfc1413.c cfingerd-1.4.3/src/rfc1413.c
--- cfingerd-1.4.3/src/rfc1413.c
+++ cfingerd-1.4.3/src/rfc1413.c
@@ -25,7 +25,9 @@
* the implementation. Completely rewritten by yours truly to be self-
* contained in a single program. Simple, easy to use.
*/
-#define BUFLEN (2 * INET6_ADDRSTRLEN)
+#define UNAMELEN 64
+#define BUFLEN UNAMELEN + INET6_ADDRSTRLEN + 2
+#define INPUTLEN 256
char *get_rfc1413_data(struct sockaddr_storage * local_addr,
struct sockaddr_storage * peer_addr )
{
@@ -34,7 +36,7 @@
struct sockaddr_storage sin;
struct sockaddr_in *sa4 = (struct sockaddr_in *) &sin;
struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &sin;
- char buffer[1024], buf[BUFLEN], uname[64], *bleah;
+ char buffer[1024], buf[INPUTLEN], uname[UNAMELEN], *bleah;
char *cp, *xp;
struct servent *serv;
--- End Message ---