[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

Hi Steve,
* Steve Kemp <skx@debian.org> [2007-12-07 20:26]:
> On Fri Dec 07, 2007 at 18:41:35 +0100, Nico Golde wrote:
> > What about those, are they unimportant?
> > They are still present in the etch code. I stumbled
> > upon them while preparing a testing-security upload.
>   Uknown.  I used the patch provided by Theodore Tso, which he
>  is/was planning on using for Sid/Ubuntu.

Oh ok.

>   If there are missing bits then we'll need to reissue the update,
>  but right now I believed the patch was as complete as it needed
>  to be.

Ok, I am waiting for his reply, I attached my patch to the 
bug report in unstable. From what I see every multiplication 
with fs->blocksize needs to be checked, all of these are 
coming from the file system. Let's see what he does :)

YFYI this is the patch I used for testing-security.
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgphEbEdRlHvQ.pgp
Description: PGP signature

Reply to: