[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#183312: [cjwatson@debian.org: Bug#183312: xbase-clients: Buffer overflow in "xman"]



severity 183312 important
retitle 183312 xbase-clients: [xman] buffer overflow in MANPATH handling
thanks

Colin makes a good point; I am therefore downgrading the severity of
this bug.

----- Forwarded message from Colin Watson <cjwatson@debian.org> -----

From: Colin Watson <cjwatson@debian.org>
To: 183312@bugs.debian.org
Subject: Bug#183312: xbase-clients: Buffer overflow in "xman"
Date: Sat, 15 Mar 2003 11:51:26 -0600
Message-ID: <20030315115126.A3155@debian.org>
User-Agent: Mutt/1.2.5i
X-Spam-Status: No, hits=-39.1 required=4.0
	tests=DEBIAN_BTS_BUG,EMAIL_ATTRIBUTION,IN_REP_TO,
	      QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES,RESENT_TO,
	      USER_AGENT_MUTT,X_LOOP
	autolearn=ham	version=2.50

On Tue, Mar 04, 2003 at 12:05:05PM -0500, Branden Robinson wrote:
> On Tue, Mar 04, 2003 at 03:34:27PM +0000, Colin Watson wrote:
> > I'm working on a patch for this. The xman code is riddled with static
> > buffers.
> 
> Great, thank you.  I'll gladly accept it as soon as it's ready.

I'm still on this, vacation notwithstanding; sorry for the delay.

Can I suggest that this bug should be downgraded in the meantime? xman
is not setuid and not a network service, so there's no reason why a
segfault there should be considered a security problem. Exploiting one's
own account is not interesting. :)

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]


----- End forwarded message -----

-- 
G. Branden Robinson                |    Religion is regarded by the common
Debian GNU/Linux                   |    people as true, by the wise as
branden@debian.org                 |    false, and by the rulers as useful.
http://people.debian.org/~branden/ |    -- Lucius Annaeus Seneca

Attachment: pgpzFiWEmQwZO.pgp
Description: PGP signature


Reply to: