Your message dated Mon, 25 Apr 2011 23:03:21 +0000
with message-id <[email protected]>
and subject line Bug#623547: fixed in xonix 1.4-27
has caused the Debian Bug report #623547,
regarding Double free in x11.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
623547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623547
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xonix
Version: 1.4-23
Severity: important
Tags: security

I have been performing binary static analysis on some of the Debian 5
package repository.

I identified the following problem in xonix/x11.c


  memset(score_rec[i].login, 0, 11);
  strncpy(score_rec[i].login, pw->pw_name, 10);
  memset(score_rec[i].full, 0, 65);
  strncpy(score_rec[i].full, fullname, 64);
  score_rec[i].tstamp = time(NULL);
* free(fullname);

  if((high = freopen(PATH_HIGHSCORE, "w",high)) == NULL) {
    fprintf(stderr, "xonix: cannot reopen high score file\n");
*   free(fullname);
    gameover_pending = 0;
    return;
  }

The second free(fullname) should be removed.
I have only investigated this problem on Lenny, but it should be checked to
see if this issue is present in the stable or unstable Debian trees.

--
Silvio

--- End Message ---
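The pattern in the report above, as an added example that is not taken from the xonix source or from the Debian patch: the buffer is released once after its last use, and a free-and-clear helper makes a leftover release on the error path a no-op. The names save_score, release and release_calls, the use of fopen() in place of freopen(), and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

struct score_rec { char login[11]; char full[65]; time_t tstamp; };
static int release_calls;   /* real free() calls made, kept for checking */

/* Free *p and clear it, so a repeated call on any path does nothing. */
static void release(char **p)
{
    if (*p == NULL)
        return;
    free(*p);
    *p = NULL;
    release_calls++;
}

/* Hypothetical stand-in for the reported code path.
 * Returns 0 on success, -1 if the score file cannot be opened. */
static int save_score(const char *path, const char *login,
                      const char *name, struct score_rec *rec)
{
    char *fullname = malloc(strlen(name) + 1);
    if (fullname == NULL)
        return -1;
    strcpy(fullname, name);

    memset(rec, 0, sizeof *rec);
    strncpy(rec->login, login, sizeof rec->login - 1);
    strncpy(rec->full, fullname, sizeof rec->full - 1);
    rec->tstamp = time(NULL);
    release(&fullname);              /* last use of fullname */

    FILE *high = fopen(path, "w");
    if (high == NULL) {
        release(&fullname);  /* site of the report's 2nd free(): no-op */
        return -1;
    }
    fprintf(high, "%s %s %ld\n", rec->login, rec->full, (long)rec->tstamp);
    fclose(high);
    return 0;
}

int main(void)
{
    struct score_rec rec;            /* constructed sample input below */
    return save_score("/dev/null", "player", "Example Player", &rec);
}
```

Building the original pattern with -fsanitize=address reports the second free() as soon as the error path runs.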
--- Begin Message ---
Source: xonix
Source-Version: 1.4-27

We believe that the bug you reported is fixed in the latest version of
xonix, which is due to be installed in the Debian FTP archive:

xonix_1.4-27.debian.tar.gz
  to main/x/xonix/xonix_1.4-27.debian.tar.gz
xonix_1.4-27.dsc
  to main/x/xonix/xonix_1.4-27.dsc
xonix_1.4-27_amd64.deb
  to main/x/xonix/xonix_1.4-27_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jari Aalto <[email protected]> (supplier of updated xonix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 21 Apr 2011 10:24:54 +0300
Source: xonix
Binary: xonix
Architecture: source amd64
Version: 1.4-27
Distribution: unstable
Urgency: low
Maintainer: Jari Aalto <[email protected]>
Changed-By: Jari Aalto <[email protected]>
Description: 
 xonix      - game to carve up the screen whilst dodging monsters
Closes: 623547
Changes: 
 xonix (1.4-27) unstable; urgency=low
 .
   * debian/changelog
     - Correct line placement in 1.4-26.
   * debian/compat
     - Update to 8.
   * debian/control
     - (Build-Depends): update debhelper 8.
     - (Standards-Version): Update to 3.9.2.
     - (Conflicts): Remove. There is not package suidmanager any longer in
       archives.
   * debian/copyright
     - Update to DEP5.
   * debian/patches
     - (13): New. Remove double free() call (Closes: #623547).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk21+zIACgkQLARVQsm1XazGBACdFwIvlUvx+WrCMH1BJnm3E5G4
Pr0AmwS7sYq6mqtcuIOOiQn3D+RwXlOs
=2dAt
-----END PGP SIGNATURE-----



--- End Message ---
