Your message dated Fri, 14 Jan 2005 13:17:12 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#289942: fixed in trackballs 1.0.0-7
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Jan 2005 23:12:39 +0000
From: Steve Kemp <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: trackballs: Three unchecked buffer overflows *** Please type your report below this line ***
X-Mailer: reportbug 3.5
Date: Tue, 11 Jan 2005 23:11:29 +0000
Message-Id: <[EMAIL PROTECTED]>

Package: trackballs
Version: 1.0.0-6
Severity: normal
Tags: patch, sarge

  There are three unchecked buffer overflows in the code I missed
 last time round (#184478)

  They are:

        1.  Unchecked use of $TRACKBALLS
        2.  Overflow on command line parameter (-e)
        3.  Overflow on command line parameter (-l)

  Patch below should be sufficient to close them up.

Steve

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-686
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages trackballs depends on:
ii  guile-1.6-libs  1.6.4-4                  Main Guile libraries
ii  libc6           2.3.2.ds1-20             GNU C Library: Shared libraries an
ii  libgcc1         1:3.4.3-6                GCC support library
ii  libguile-ltdl-1 1.6.7-1                  Guile's patched version of libtool
ii  libqthreads-12  1.6.7-1                  QuickThreads library for Guile
ii  libsdl-image1.2 1.2.3-6                  image loading library for Simple D
ii  libsdl-mixer1.2 1.2.5-9                  mixer library for Simple DirectMed
ii  libsdl-ttf2.0-0 2.0.6-5                  ttf library for Simple DirectMedia
ii  libsdl1.2debian 1.2.7+1.2.8cvs20041007-3 Simple DirectMedia Layer
ii  libstdc++5      1:3.3.5-5                The GNU Standard C++ Library v3
ii  trackballs-data 1.0.0-6                  Data files for trackballs
ii  xlibmesa-gl [li 4.3.0.dfsg.1-10          Mesa 3D graphics library [XFree86]
ii  xlibmesa-glu [l 4.3.0.dfsg.1-10          Mesa OpenGL utility library [XFree
ii  zlib1g          1:1.2.2-4                compression library - runtime

-- no debconf information



--- mmad.cc-orig        2005-01-11 23:07:43.000000000 +0000
+++ mmad.cc     2005-01-11 23:08:30.000000000 +0000
@@ -166,7 +166,7 @@
          print_usage (stdout, 0);
        case 'e':
          editMode = 1;
-         sprintf(Settings::settings->specialLevel,"%s",optarg);
+         
snprintf(Settings::settings->specialLevel,sizeof(Settings::settings->specialLevel)-1,"%s",optarg);
          Settings::settings->doSpecialLevel=1;
          break;
        case 't':
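
Review bot: In the case 'e' branch, the bound
sizeof(Settings::settings->specialLevel)-1 is the buffer size only if
specialLevel is declared as a char array; the declaration is not part of
this diff, and for a char * the expression would be the pointer size minus
one. Please confirm the declaration. If it is an array, the -1 is not
needed: snprintf writes at most size-1 characters and then the terminating
NUL, so plain sizeof(...) is the right bound and the -1 only gives up one
byte of capacity.
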
@@ -175,7 +175,7 @@
          audio=0; // no audio
          break;
        case 'l':
-         sprintf(Settings::settings->specialLevel,"%s",optarg);
+         
snprintf(Settings::settings->specialLevel,sizeof(Settings::settings->specialLevel)-1,"%s",optarg);
          Settings::settings->doSpecialLevel=1;
          break;
        case 'w': settings->is_windowed=1;  break;
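
Review bot: The case 'l' branch ignores the snprintf return value, so an
over-long -l argument is cut short and doSpecialLevel=1 is still set with a
level name the user did not type. Suggest testing the result (negative, or
>= the size passed, means error or truncation) and going to the usage
message instead of continuing. The call is identical to the one under
case 'e'; a small shared helper that copies optarg into specialLevel would
keep the bound and the check in one place.
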
@@ -397,7 +397,7 @@
   effectiveShareDir[0]=0;
   /* From environment variable */
   char *evar=getenv("TRACKBALLS"); 
-  if(evar && strlen(evar) > 0) sprintf(effectiveShareDir,"%s",evar);
+  if(evar && strlen(evar) > 0) 
snprintf(effectiveShareDir,sizeof(effectiveShareDir)-1,"%s",evar);
   //printf("Looking for %s\n", effectiveShareDir);
   if(!testDir()) {     
        char thisDir[256];
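
Review bot: On the getenv("TRACKBALLS") line, a value longer than
effectiveShareDir is now silently truncated and the following testDir()
call runs against the shortened path, which may name a different directory
than the one requested. Suggest checking the snprintf return and, on
truncation, resetting effectiveShareDir[0]=0 so the fallback under
if(!testDir()) is taken. As with the two option hunks, the sizeof bound
assumes effectiveShareDir is an array in this scope (not shown here) and
the -1 is unnecessary. The trailing context declares char thisDir[256];
the code that fills it is outside this patch and deserves the same look.
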

---------------------------------------
Received: (at 289942-close) by bugs.debian.org; 14 Jan 2005 18:23:04 +0000
From: Ari Pollak <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#289942: fixed in trackballs 1.0.0-7
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 14 Jan 2005 13:17:12 -0500

Source: trackballs
Source-Version: 1.0.0-7

We believe that the bug you reported is fixed in the latest version of
trackballs, which is due to be installed in the Debian FTP archive:

trackballs-data_1.0.0-7_all.deb
  to pool/main/t/trackballs/trackballs-data_1.0.0-7_all.deb
trackballs_1.0.0-7.diff.gz
  to pool/main/t/trackballs/trackballs_1.0.0-7.diff.gz
trackballs_1.0.0-7.dsc
  to pool/main/t/trackballs/trackballs_1.0.0-7.dsc
trackballs_1.0.0-7_i386.deb
  to pool/main/t/trackballs/trackballs_1.0.0-7_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <[EMAIL PROTECTED]> (supplier of updated trackballs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 14 Jan 2005 12:54:41 -0500
Source: trackballs
Binary: trackballs trackballs-data
Architecture: source i386 all
Version: 1.0.0-7
Distribution: unstable
Urgency: low
Maintainer: Ari Pollak <[EMAIL PROTECTED]>
Changed-By: Ari Pollak <[EMAIL PROTECTED]>
Description: 
 trackballs - An OpenGL-based game of marbles through a labyrinth
 trackballs-data - Data files for trackballs
Closes: 289942
Changes: 
 trackballs (1.0.0-7) unstable; urgency=low
 .
   * Apply modified patch from Steve Kemp to fix buffer overflows
     (Closes: #289942)
Files: 
 f42e20d4da99c8e3c61f6b3905f8a961 726 games extra trackballs_1.0.0-7.dsc
 9e021d30c399d34c73218d8588305431 62910 games extra trackballs_1.0.0-7.diff.gz
 d57e7df2b68091e042d77d63ef7b3cf4 158038 games extra trackballs_1.0.0-7_i386.deb
 8466811fb1588f275f555c81fde227e7 4544944 games extra trackballs-data_1.0.0-7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB6AhZwO+u47cOQDsRAsV6AJ900l5YRGit/9fsPbICJhYqsVXvwACcCclI
Kv3E4uBQ6/ylvGRIsv4pR0k=
=UzQp
-----END PGP SIGNATURE-----

