Your message dated Sat, 07 Jun 2008 06:47:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#484572: fixed in motion 3.2.9-3 has caused the Debian Bug report #484572, regarding [motion] off-by-one in webhttpd.c to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 484572: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: motion Version: 3.2.9-2 Severity: minor Hi, there is an off-by-one programming error in webhttpd: From webhttpd.c: 1950 static int read_client(int client_socket, void *userdata, char *auth) .... 1954 char buffer[1024] = {'\0'}; 1955 int length = 1024; .... 1963 int nread = 0, readb = -1; 1964· 1965 nread = read (client_socket, buffer, length); 1966· 1967 if (nread <= 0) { 1968 motion_log(LOG_ERR, 1, "httpd First read"); 1969 pthread_mutex_unlock(&httpd_mutex); 1970 return -1; 1971 } 1972 else { 1973 char method[sizeof (buffer)]; 1974 char url[sizeof (buffer)]; 1975 char protocol[sizeof (buffer)]; 1976 char *authentication=NULL; 1977· 1978 buffer[nread] = '\0'; This function reads an HTTP request by a client connecting to the administration port of motion.· If the client send exactly or more than 1024 as an HTTP request line 1978 will write one byte too far, to buffer[1024] as read in line 1965 will return 1024 bytes. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpRLF76d2vhv.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: motion Source-Version: 3.2.9-3 We believe that the bug you reported is fixed in the latest version of motion, which is due to be installed in the Debian FTP archive: motion_3.2.9-3.diff.gz to pool/main/m/motion/motion_3.2.9-3.diff.gz motion_3.2.9-3.dsc to pool/main/m/motion/motion_3.2.9-3.dsc motion_3.2.9-3_amd64.deb to pool/main/m/motion/motion_3.2.9-3_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Juan Angulo Moreno <[EMAIL PROTECTED]> (supplier of updated motion package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 06 Jun 2008 23:29:02 -0430 Source: motion Binary: motion Architecture: source amd64 Version: 3.2.9-3 Distribution: unstable Urgency: low Maintainer: Juan Angulo Moreno <[EMAIL PROTECTED]> Changed-By: Juan Angulo Moreno <[EMAIL PROTECTED]> Description: motion - V4L capture program supporting motion detection Closes: 419158 484148 484410 484566 484570 484572 Changes: motion (3.2.9-3) unstable; urgency=low . * Debconf translation: Galician (Closes: #484148). Thanks Jacobo Tarrio. * Fixed: Document removal of motion-control (Closes: #419158). * Fixed: Bashism in debian/rules (Closes: #484410). * Fixed: Off-by-one in webhttpd.c (Closes: #484572). Thanks Angel Carpintero. * Fixed: Motion crashes after some time of running (Closes: #484566). Thanks Angel Carpintero. * Fixed: motion.conf world readable and thus writable through web interface by default (Closes: #484570). Checksums-Sha1: c8ddb940da379521e549188fd7ef22c3a4a54821 1088 motion_3.2.9-3.dsc ae6bc7ba19d3045a03c03588979bad44901d1671 32337 motion_3.2.9-3.diff.gz 360695a99151d8b30731d733e6b9d60e12b4ed53 276226 motion_3.2.9-3_amd64.deb Checksums-Sha256: 305a4c93ca4f9552faf41281a7a09c22068d9b08c0bae7f455edb80917c2c8b7 1088 motion_3.2.9-3.dsc 6bf1d3f85327c74b6a26add1611fbf01afabc2df6616b68cce5a67b88444f953 32337 motion_3.2.9-3.diff.gz e82af6379207561b1cde1887f6e7149f50eaffc6fdb26691e47d966b2d4ebb3b 276226 motion_3.2.9-3_amd64.deb Files: 719b48db77f743d22135c496706032b0 1088 graphics optional motion_3.2.9-3.dsc 1263211501b214bc98339f19d45b3260 32337 graphics optional motion_3.2.9-3.diff.gz 04930970bf1f1d55cc1b2c899397e1b0 276226 graphics optional motion_3.2.9-3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkhKKowACgkQgY5NIXPNpFVDUgCdFOINCkt/Cy+xcKN0OLOl18wK a54AoJW3M4jImPnXR+FvZwfczpL6YXes =3b1a -----END PGP SIGNATURE-----
--- End Message ---
