On 26/06/13 18:46, Alexandre Rebert wrote:
> We found a crash in mtree contained in the freebsd-buildutils package.

The 'full report' is a .tar.bz2 full of stuff.  There is a testcase
designed to trigger a crash in mtree if used instead of a real
specification file.  Either through fuzzing or reverse engineering.

mtree is typically run as root, but with a trusted specification file,
in an untrusted directory tree.  So perhaps a real bug but probably not
a security issue.


> We are planning to submit the bug to the Debian bug tracking system in two
> weeks. We wanted to give you a heads-up, so that you have some time to assess the
> seriousness of the bug before it is publicly disclosed.

Mailing the public lists (debian-bsd@, debian-kernel@, ...) probably
wasn't intended then...

Regards,
-- 
Steven Chamberlain
[email protected]

