Hi, I'm proposing a fix for gabedit in Wheezy. A buffer overflow has been detected, which can be fixed with a one-liner. See these references: http://sourceforge.net/p/gabedit/bugs/2/#f00e http://bugs.debian.org/703965 The debdiff is attached. Regards, Daniel
diff -Nru gabedit-2.4.2/debian/changelog gabedit-2.4.2/debian/changelog --- gabedit-2.4.2/debian/changelog 2012-06-10 18:38:22.000000000 +0200 +++ gabedit-2.4.2/debian/changelog 2013-07-29 00:42:53.000000000 +0200 @@ -1,3 +1,11 @@ +gabedit (2.4.2-2+wheezy1) stable; urgency=low + + * debian/patches/703965_fix_buffer_overflow.patch: Added. + - Fix buffer overflow parsing GAMESS output files (closes: #703965). + * debian/patches/series: Adjusted. + + -- Daniel Leidert <dleidert@debian.org> Mon, 29 Jul 2013 00:42:50 +0200 + gabedit (2.4.2-2) unstable; urgency=low * debian/compat: Bumped dh compatibility level to 7. diff -Nru gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch --- gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch 1970-01-01 01:00:00.000000000 +0100 +++ gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch 2013-07-29 00:03:38.000000000 +0200 @@ -0,0 +1,17 @@ +Author: Allouche Abdul-Rahman <allouche@lasim.univ-lyon1.fr> +Reviewed-By: Daniel Leidert <dleidert@debian.org> +Description: Fix a buffer overflow parsing GAMESS output files. +Origin: http://sourceforge.net/p/gabedit/bugs/2/#f00e +Bug: http://sourceforge.net/p/gabedit/bugs/2/ +Bug-Debian: http://bugs.debian.org/703965 + +--- a/src/Display/AnimationGeomConv.c ++++ b/src/Display/AnimationGeomConv.c +@@ -1441,6 +1441,7 @@ + if (l==2) AtomCoord[0][1]=tolower(AtomCoord[0][1]); + + ++ sprintf(AtomCoord[0],"%s",get_symbol_using_z(atoi(dum))); + sprintf(listOfAtoms[j].symbol,"%s",AtomCoord[0]); + sprintf(listOfAtoms[j].mmType,"%s",AtomCoord[0]); + sprintf(listOfAtoms[j].pdbType,"%s",AtomCoord[0]); diff -Nru gabedit-2.4.2/debian/patches/series gabedit-2.4.2/debian/patches/series --- gabedit-2.4.2/debian/patches/series 2012-06-10 18:26:03.000000000 +0200 +++ gabedit-2.4.2/debian/patches/series 2013-07-29 00:03:38.000000000 +0200 @@ -1 +1,2 @@ +703965_fix_buffer_overflow.patch hardening_fix.patch
Attachment:
signature.asc
Description: This is a digitally signed message part