severity 183312 important
retitle 183312 xbase-clients: [xman] buffer overflow in MANPATH handling
thanks

Colin makes a good point; I am therefore downgrading the severity of
this bug.

----- Forwarded message from Colin Watson <cjwatson@debian.org> -----

From: Colin Watson <cjwatson@debian.org>
To: 183312@bugs.debian.org
Subject: Bug#183312: xbase-clients: Buffer overflow in "xman"
Date: Sat, 15 Mar 2003 11:51:26 -0600
Message-ID: <20030315115126.A3155@debian.org>
User-Agent: Mutt/1.2.5i
X-Spam-Status: No, hits=-39.1 required=4.0
	tests=DEBIAN_BTS_BUG,EMAIL_ATTRIBUTION,IN_REP_TO,
	      QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES,RESENT_TO,
	      USER_AGENT_MUTT,X_LOOP
	autolearn=ham version=2.50

On Tue, Mar 04, 2003 at 12:05:05PM -0500, Branden Robinson wrote:
> On Tue, Mar 04, 2003 at 03:34:27PM +0000, Colin Watson wrote:
> > I'm working on a patch for this. The xman code is riddled with static
> > buffers.
>
> Great, thank you. I'll gladly accept it as soon as it's ready.

I'm still on this, vacation notwithstanding; sorry for the delay.

Can I suggest that this bug should be downgraded in the meantime? xman
is not setuid and not a network service, so there's no reason why a
segfault there should be considered a security problem. Exploiting one's
own account is not interesting. :)

-- 
Colin Watson [cjwatson@flatline.org.uk]

----- End forwarded message -----

-- 
G. Branden Robinson                |    Religion is regarded by the common
Debian GNU/Linux                   |    people as true, by the wise as
branden@debian.org                 |    false, and by the rulers as useful.
http://people.debian.org/~branden/ |    -- Lucius Annaeus Seneca