[X2Go-Dev] Bug#777: Bug#777: nx-libs: incorrect usage of scanf
Control: close -1
Closing (and agreeing on this) by use request.
Mike
On Mo 02 Feb 2015 21:39:50 CET, Heinrich Schuchardt wrote:
Squeeze reached end of life.
Package libc6 in wheezy is patched against the bug.
Package libc6 in jessie is not vulnerable as it uses a newer libc6
release.
So I think we should close this bug and concentrate on updating our
mesa code to the newest version instead of patching some old version.
Best regards
Heinrich
On 31.01.2015 16:04, Mike Gabriel wrote:
Hi Heinrich,
On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
package: nx-libs version: head
In different parts of the nx-libs library you can find usages of
scanf like
/* check for MESA_GAMMA environment variable */ gamma =
_mesa_getenv(MESA_GAMMA); if (gamma) { v-RedGamma =
v-GreenGamma = v-BlueGamma = 0.0; sscanf( gamma, %f %f %f,
v-RedGamma, v-GreenGamma, v-BlueGamma );
According to cppcheck:
scanf without field width limits can crash with huge input data
on libc versions older than 2.13-25. Add a field width specifier
to fix this problem: %i = %3i
Any chance you could also provide a patch for this?
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpy0zSXIyntq.pgp
Description: Digitale PGP-Signatur
___
x2go-dev mailing list
x2go-dev@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#777: Bug#777: nx-libs: incorrect usage of scanf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Squeeze reached end of life.
Package libc6 in wheezy is patched against the bug.
Package libc6 in jessie is not vulnerable as it uses a newer libc6
release.
So I think we should close this bug and concentrate on updating our
mesa code to the newest version instead of patching some old version.
Best regards
Heinrich
On 31.01.2015 16:04, Mike Gabriel wrote:
Hi Heinrich,
On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
package: nx-libs version: head
In different parts of the nx-libs library you can find usages of
scanf like
/* check for MESA_GAMMA environment variable */ gamma =
_mesa_getenv(MESA_GAMMA); if (gamma) { v-RedGamma =
v-GreenGamma = v-BlueGamma = 0.0; sscanf( gamma, %f %f %f,
v-RedGamma, v-GreenGamma, v-BlueGamma );
According to cppcheck:
scanf without field width limits can crash with huge input data
on libc versions older than 2.13-25. Add a field width specifier
to fix this problem: %i = %3i
Any chance you could also provide a patch for this?
Mike
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBAgAGBQJUz+CVAAoJEMSB27wsBRrE4mUP/j3JjSvGQ6chMdlCaQd94Ar6
LIBJvEeS9ZiR/rgFFaXdqUMzZVzYs2bm4Vvp0LlY9iUVFbhCgKQimRhLVq26A1iT
5EtJOFRu51Fzrd1y6Nk00PBKCqbsWSJwI81TUKnckjaCo3QyobWyMqqI75eXjMSf
RSWIGWgtLznPMqvByoKEnndDQjrCBBeMPBF7sinBw5ZM994Ff9VobHv7vXUYwvrY
mXlIgiuVf/6ztFTnwCsDD1hRreOk4BBTgp4tPsVqwB/06l8OvnaeBfD35BOSJ8Ns
AKwbxeRSNFOS4UP01zAgAsTMblzabyKnzS57lGomYQp3RB8c3K9DyUnk6CVSlBlN
AI7fjnaQEW9qL4d8UBRsQlZ7b9vryavNtUY7UyPtVMuXXA0WaewZIGUUpI5odtvd
WAoe0DEY2i+dW3ByIuGC1mH7ujgSLZGuke1gGdODlaLiExDsmm5P6hmIv+xE9gNQ
RBk5pYSx3H75Hckm2yTxhNx/9NcwJbjHa1pwa8Lz6r63/Ssa6TQhxuGsFH2l49iZ
YYbLHEP1s0FKQWxtE1B3NOYLeOwiCP4l7+qJ/KUZnmGCep2L4xC88OP1WMPn4+t6
vfoGkAHr9x0Ii7eP7fFaBEpImlx6dWI9mtZcSRfKfq/OhjAQPMspv7rl149i+1Iu
8OfiW4rp02zs54r92ejJ
=2gk9
-END PGP SIGNATURE-
___
x2go-dev mailing list
x2go-dev@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-dev
Re: [X2Go-Dev] Bug#777: Bug#777: nx-libs: incorrect usage of scanf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 02.02.2015 um 21:39 schrieb Heinrich Schuchardt: Squeeze reached end of life. Um, not quite. There is Squeeze-LTS, after all. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUz+ZZAAoJEG7d9BjNvlEZO28IAKNqgr8oBp0cTrpLZMga+7am MBhADpobMt/s1sZJOL0ozlW/z/2sa7lL/WFI3Kl1AodcgTzBERc+kUkWFWanHmne f/1r0HzxAaEe9STcmm+BZGOrJHCBv/YLdkC/lGi7nWp2pjVE+B9lla+bccBvtWNA oc/CDbGIadmyWHQjMHvQXGB8OHSd1bUgXWuIgIYlfQz01j/9kZKN+Aq082ueV0nS qOTVYI5Aa5PpEKpr76rO1feS5Z/2Ue9Z4oailOhD0VSytL2u2q0Rk/rPgS7P4x6I tsl0/5wM4+BbJtRlnNOBksAICg1qqzxp7z+3AtsbBn6HTyQt4z3QIchbcQBa8QQ= =tQKm -END PGP SIGNATURE- ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#777: Bug#777: nx-libs: incorrect usage of scanf
Hi Heinrich,
On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
package: nx-libs
version: head
In different parts of the nx-libs library you can find usages of scanf like
/* check for MESA_GAMMA environment variable */
gamma = _mesa_getenv(MESA_GAMMA);
if (gamma) {
v-RedGamma = v-GreenGamma = v-BlueGamma = 0.0;
sscanf( gamma, %f %f %f, v-RedGamma, v-GreenGamma,
v-BlueGamma );
According to cppcheck:
scanf without field width limits can crash with huge input data on libc
versions older than 2.13-25. Add a field width specifier to fix this
problem:
%i = %3i
Any chance you could also provide a patch for this?
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpC4ejCrsOg7.pgp
Description: Digitale PGP-Signatur
___
x2go-dev mailing list
x2go-dev@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-dev
