Hi,

I am about to make a new security upload (through my sponsor) for elog: elog_2.5.7+r1558-3 against the testing-proposed-updates archive. The new package fixes a buffer overflow[1] (which has no CVE id). For your convenience, I attached the output from debdiff (2.5.7+r1558-2 to 2.5.7+r1558-3).

I'll also upload a new package against the unstable, which includes the security fix. Let me know if I need/should do anything else.

Best regards,

[1] http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.647;r2=1.648;f=h

-- 
roktas

diff -u elog-2.5.7+r1558/src/elogd.c elog-2.5.7+r1558/src/elogd.c
--- elog-2.5.7+r1558/src/elogd.c
+++ elog-2.5.7+r1558/src/elogd.c
@@ -942,7 +942,7 @@
int return_buffer_size;
int strlen_retbuf;
int keep_alive;
-char header_buffer[1000];
+char header_buffer[20000];
int return_length;
char host_name[256];
char referer[256];
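Review bot: The new size in `char header_buffer[20000];` is a bare literal with no stated rationale, and enlarging the array only moves the overflow threshold; the actual protection is the length clamp added in the `@@ -21218` hunk. Suggest a named constant with a comment on why this size was chosen, so the declaration and the bound check stay visibly tied together.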
@@ -21218,6 +21218,8 @@
if (p != NULL) {
length = strlen(p + 4);
header_length = (int) (p - return_buffer);
+ if (header_length+100 > sizeof(header_buffer))
+ header_length = sizeof(header_buffer)-100;
memcpy(header_buffer, return_buffer, header_length);
sprintf(header_buffer + header_length, "\r\nContent-Length: %d\r\n\r\n", length);
send(_sock, header_buffer, strlen(header_buffer), 0);
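Review bot: The added clamp `if (header_length+100 > sizeof(header_buffer))` compares a signed int against the unsigned result of sizeof, and the 100-byte reserve it leaves for the Content-Length trailer is a magic number that the following `sprintf` does not itself enforce. Suggest writing the trailer with snprintf bounded by `sizeof(header_buffer) - header_length`, naming the reserve, and using one type for the comparison. The clamp also cuts oversize headers silently at an arbitrary byte, possibly in the middle of a header line, before the Content-Length line is appended; rejecting or logging that case would be safer than sending a truncated header.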
reverted:
--- elog-2.5.7+r1558/debian/dirs
+++ elog-2.5.7+r1558.orig/debian/dirs
@@ -1,2 +0,0 @@
-usr/bin
-usr/sbin
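Review bot: Removing debian/dirs (`usr/bin`, `usr/sbin`) is a packaging cleanup unrelated to the overflow fix, yet it rides along in an urgency=high upload to testing-proposed-updates. Suggest keeping this upload limited to the security change, or stating in the changelog entry that the build still creates both directories without this file.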
diff -u elog-2.5.7+r1558/debian/changelog elog-2.5.7+r1558/debian/changelog
--- elog-2.5.7+r1558/debian/changelog
+++ elog-2.5.7+r1558/debian/changelog
@@ -1,3 +1,11 @@
+elog (2.5.7+r1558-3) testing-proposed-updates; urgency=high
+
+ * Security update. Backport the fix (r1.648) for a buffer overflow:
+ http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.647;r2=1.648
+ * Remove redundant debian/dirs file.
+
+ -- Recai OktaÅ? <roktas@omu.edu.tr> Sun, 29 May 2005 19:23:57 +0300
+
elog (2.5.7+r1558-2) testing-proposed-updates; urgency=high
* Fix a possible buffer overflow.
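Review bot: The new changelog entry describes the issue only as "a buffer overflow" plus a cvsweb URL; naming the affected code (header_buffer in src/elogd.c, as shown in the hunks above) would let readers assess the fix without following the link. The maintainer name in the trailer line also appears as "OktaÅ?", so check that debian/changelog is saved as UTF-8.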