
Bug#779397: marked as done (xterm: buffer overflow with -S option)



Your message dated Sun, 01 Mar 2015 11:34:56 +0000
with message-id <E1YS29A-0007Vm-CO@franck.debian.org>
and subject line Bug#779397: fixed in xterm 312-2
has caused the Debian Bug report #779397,
regarding xterm: buffer overflow with -S option
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779397
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xterm
Version: 312-1
Severity: important
Tags: security

$ xterm -S/dev/pts/20
*** buffer overflow detected ***: /usr/bin/xterm terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x731ff)[0x7f4de0b1b1ff]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f4de0b9e4c7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf46e0)[0x7f4de0b9c6e0]
/lib/x86_64-linux-gnu/libc.so.6(__stpncpy_chk+0x0)[0x7f4de0b9bb40]
/usr/bin/xterm[0x408eb0]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f4de0ac9b45]
/usr/bin/xterm[0x408f9c]
======= Memory map: ========
[...]

Not sure whether this is a security issue, but a buffer overflow
looks really wrong...

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages xterm depends on:
ii  libc6           2.19-15
ii  libfontconfig1  2.11.0-6.3
ii  libice6         2:1.0.9-1+b1
ii  libtinfo5       5.9+20140913-1+b1
ii  libutempter0    1.1.5-4
ii  libx11-6        2:1.6.2-3
ii  libxaw7         2:1.0.12-2+b1
ii  libxft2         2.3.2-1
ii  libxmu6         2:1.1.2-1
ii  libxpm4         1:3.5.11-1+b1
ii  libxt6          1:1.1.4-1+b1
ii  xbitmaps        1.1.1-2

Versions of packages xterm recommends:
ii  x11-utils  7.7+2

Versions of packages xterm suggests:
pn  xfonts-cyrillic  <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: xterm
Source-Version: 312-2

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 779397@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Mar 2015 11:45:01 +0100
Source: xterm
Binary: xterm
Architecture: source
Version: 312-2
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Description:
 xterm      - X terminal emulator
Closes: 779397
Changes:
 xterm (312-2) unstable; urgency=medium
 .
   * Cherry-pick a patch from xterm 314: change passedPty[] to an
     allocated string to ensure it is long enough for the -S option
     value (Closes: #779397).
Checksums-Sha1:
 d76459004e6aff43d5cc62f12846a46951c43c77 2046 xterm_312-2.dsc
 8cbb02f632216da753a288c5dbf28919ff2f8de3 97046 xterm_312-2.diff.gz
Checksums-Sha256:
 4ad1962ca21f8ea76d8642b81898c0c3de70f5864a897d022f05a4a47661ddd8 2046 xterm_312-2.dsc
 aa366ec7f91aeee8b3017d298cb9fea760447363d8d887ac82284db9e4fcaa05 97046 xterm_312-2.diff.gz
Files:
 9ff4b32da49e01d8d23915198c9b82b8 2046 x11 optional xterm_312-2.dsc
 23ac89b75fdc6e571e7ac8524e7bd3ca 97046 x11 optional xterm_312-2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
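
The changelog entry above replaces the fixed-size passedPty[] with an allocated string so that the -S option value always fits. The C below is an added illustration of that pattern, not xterm's source and not part of the original messages; the function names, the FIXED_LEN capacity and the choice to split the value at its last '/' are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FIXED_LEN 4 /* assumed capacity of the old fixed array, not xterm's real value */

/* Length of the name part of "name/fd": everything before the last '/'. */
static size_t name_len(const char *arg)
{
    const char *slash = strrchr(arg, '/');
    return slash ? (size_t)(slash - arg) : strlen(arg);
}

/* Fixed-array pattern: dst holds FIXED_LEN + 1 bytes and the copy length comes
 * from the input, so it is checked first. Returns 0, or -1 if it does not fit. */
int store_fixed(char *dst, const char *arg)
{
    size_t n = name_len(arg);
    if (n > FIXED_LEN)
        return -1;
    memcpy(dst, arg, n);
    dst[n] = '\0';
    return 0;
}

/* Allocated-string pattern: size the buffer from the input itself.
 * Returns a heap string the caller frees, or NULL if allocation fails. */
char *store_allocated(const char *arg)
{
    size_t n = name_len(arg);
    char *dst = malloc(n + 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, arg, n);
    dst[n] = '\0';
    return dst;
}

int main(void)
{
    const char *args[] = { "ab/7", "/dev/pts/20" }; /* constructed inputs */
    for (size_t i = 0; i < 2; i++) {
        char fixed[FIXED_LEN + 1];
        char *heap = store_allocated(args[i]);
        int rc = store_fixed(fixed, args[i]);
        printf("%s: fixed %s, allocated \"%s\"\n", args[i],
               rc == 0 ? "ok" : "rejected", heap ? heap : "(null)");
        free(heap);
    }
    return 0;
}
```

With a fixed array the only safe outcomes are rejecting or truncating an oversized value; sizing the allocation from the input removes the length limit altogether.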
