Your message dated Tue, 22 Feb 2005 14:47:15 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#260429: fixed in libcgicc 3.2.3-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Jul 2004 15:23:00 +0000
From: giuseppe bonacci <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: libcgicc1-dev: fails to check %xx codes before decoding form arguments
X-Mailer: reportbug 2.63
Date: Tue, 20 Jul 2004 17:22:27 +0200

Package: libcgicc1-dev
Version: 3.2.2-1
Severity: important

The parser fails to check enough characters are available before
decoding '%xx' sequences in form parameters.  Consequently, cgi programs
built over the library can segfault when passed malformed input, and
may become remotely exploitable security holes.

The problem has been solved in upstream version 3.2.3.

$ cat cgi.cc 
#include <iostream>
#include <string>
#include "cgicc/CgiDefs.h"
#include "cgicc/Cgicc.h"
#include "cgicc/HTTPHTMLHeader.h"
#include "cgicc/HTMLClasses.h"

int main() {
    try {
        cgicc::Cgicc cgi;
        std::cout << "instantiated successfully\n";
    } catch (std::exception& e) {
        std::cout << e.what() << '\n';
        return 1;
    } catch (...) {
        std::cout << "Aaaargh\n";
        return 1;
    }
    return 0;
}

$ c++ -W -Wall -ansi -pedantic cgi.cc -lcgicc
$ export REQUEST_METHOD=GET

$ export QUERY_STRING=key=val%2e
$ echo "$QUERY_STRING" 
key=val%2e
$ ./a.out 
instantiated successfully

$ export QUERY_STRING=key=val%2 
$ echo "$QUERY_STRING" 
key=val%2
$ ./a.out 
Segmentation fault

$ export QUERY_STRING=key=val% 
$ echo "$QUERY_STRING" 
key=val%
$ ./a.out 
Segmentation fault

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-1-686
Locale: LANG=C, LC_CTYPE=C

Versions of packages libcgicc1-dev depends on:
ii  libcgicc1                     3.2.2-1    A C++ class library for writing CG

-- no debconf information
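
The length check the report above says is missing, as an added example (not part of the original report and not the cgicc source). The name url_decode_checked is hypothetical, and copying a malformed escape through literally is an assumed policy; a stricter parser could reject the request instead.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Added example: hypothetical helper, not the cgicc implementation.
// Value of one hex digit; the caller has already checked isxdigit(c).
static int hex_value(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    return std::tolower(c) - 'a' + 10;
}

// Decode form-urlencoded data. A '%' is decoded only when two hex digits
// really follow it inside the buffer; a truncated or non-hex escape is
// copied through unchanged (assumed policy) instead of reading past the end.
std::string url_decode_checked(const std::string& src) {
    std::string out;
    out.reserve(src.size());
    const std::size_t n = src.size();
    for (std::size_t i = 0; i < n; ++i) {
        const char c = src[i];
        if (c == '+') {
            out += ' ';
        } else if (c == '%' && n - i > 2  // both digit positions are in range
                   && std::isxdigit(static_cast<unsigned char>(src[i + 1]))
                   && std::isxdigit(static_cast<unsigned char>(src[i + 2]))) {
            out += static_cast<char>(hex_value(src[i + 1]) * 16 +
                                     hex_value(src[i + 2]));
            i += 2;  // skip the two digits just consumed
        } else {
            out += c;
        }
    }
    return out;
}

int main() {
    // The three QUERY_STRING values used in the report.
    const char* inputs[] = {"key=val%2e", "key=val%2", "key=val%"};
    for (const char* in : inputs)
        std::cout << in << " -> " << url_decode_checked(in) << '\n';
    return 0;
}
```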

---------------------------------------
Received: (at 260429-close) by bugs.debian.org; 22 Feb 2005 19:53:02 +0000
From: Chris Butler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#260429: fixed in libcgicc 3.2.3-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 22 Feb 2005 14:47:15 -0500

Source: libcgicc
Source-Version: 3.2.3-1

We believe that the bug you reported is fixed in the latest version of
libcgicc, which is due to be installed in the Debian FTP archive:

libcgicc1-dev_3.2.3-1_i386.deb
  to pool/main/libc/libcgicc/libcgicc1-dev_3.2.3-1_i386.deb
libcgicc1_3.2.3-1_i386.deb
  to pool/main/libc/libcgicc/libcgicc1_3.2.3-1_i386.deb
libcgicc_3.2.3-1.diff.gz
  to pool/main/libc/libcgicc/libcgicc_3.2.3-1.diff.gz
libcgicc_3.2.3-1.dsc
  to pool/main/libc/libcgicc/libcgicc_3.2.3-1.dsc
libcgicc_3.2.3.orig.tar.gz
  to pool/main/libc/libcgicc/libcgicc_3.2.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Butler <[EMAIL PROTECTED]> (supplier of updated libcgicc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 22 Feb 2005 15:11:52 +0000
Source: libcgicc
Binary: libcgicc1-dev libcgicc1
Architecture: source i386
Version: 3.2.3-1
Distribution: unstable
Urgency: low
Maintainer: Chris Butler <[EMAIL PROTECTED]>
Changed-By: Chris Butler <[EMAIL PROTECTED]>
Description: 
 libcgicc1  - A C++ class library for writing CGI applications
 libcgicc1-dev - A C++ class library for writing CGI applications
Closes: 260429
Changes: 
 libcgicc (3.2.3-1) unstable; urgency=low
 .
   * New upstream version
        - form_urldecode now checks length of %-encoded strings
       (closes: #260429)
   * debian/control: Bumped Standards-Version to 3.6.1
Files: 
 0f5fd042c722846fb029718aababcf45 582 libs optional libcgicc_3.2.3-1.dsc
 57f290cbaea871bc2ccb004d27b1257e 718154 libs optional 
libcgicc_3.2.3.orig.tar.gz
 80b9c3423952b9a007287978d6e2626d 331390 libs optional libcgicc_3.2.3-1.diff.gz
 186588869c09de82a1388e93e9dd3617 325046 libdevel optional 
libcgicc1-dev_3.2.3-1_i386.deb
 a1cff6fae65bd0dffd7df945ee740d5e 71352 libs optional libcgicc1_3.2.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCG3VNDzQFd9CXomERAioGAJ9vI2FDl2G0czojOtKTwja+jIoi6QCgsjSS
7KAIULKiBvg29oqi9tfhlrw=
=FHc7
-----END PGP SIGNATURE-----

