Your message dated Tue, 19 Aug 2025 17:49:14 +0000
with message-id <[email protected]>
and subject line Bug#1111581: fixed in remind 06.00.01-1
has caused the Debian Bug report #1111581,
regarding remind: Potential buffer overflow in DUMPVARS command
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1111581: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111581
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: remind
Severity: important

Dear Maintainer,

Remind version 05.03.07 (trixie) has a potential buffer overflow in
the DUMPVARS command.  If you dump a nonexistent variable, the assignment:

    DBufValue(&buf)[VAR_NAME_LEN] = 0;

is intended to truncate the variable name before printing an error.  However,
the buffer associated with buf may be as small as 32 bytes, and VAR_NAME_LEN
is 64, so we could write past the buffer.

This bug is not present in 04.02.03 (bookworm) or 03.03.01 (bullseye)
because those versions of Remind guaranteed that buf had at least a
128-byte buffer.

The bug is fixed in upstream 06.00.01 and a patch is below.

Regards,

Dianne.

--- src/var.c.orig      2025-08-18 10:56:18.000000000 -0400
+++ src/var.c   2025-08-19 12:52:34.777056953 -0400
@@ -786,9 +786,14 @@
             DumpSysVarByName(DBufValue(&buf)+1);
         } else {
             v = FindVar(DBufValue(&buf), 0);
-            DBufValue(&buf)[VAR_NAME_LEN] = 0;
-            if (!v) fprintf(ErrFp, "%s  %s\n",
+            if (!v) {
+                if (DBufLen(&buf) > VAR_NAME_LEN) {
+                    /* Truncate over-long variable name */
+                    DBufValue(&buf)[VAR_NAME_LEN] = 0;
+                }
+                fprintf(ErrFp, "%s  %s\n",
                             DBufValue(&buf), UNDEF);
+            }
             else {
                 fprintf(ErrFp, "%s  ", v->name);
                 PrintValue(&(v->v), ErrFp);
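Review bot: In the new `if (!v)` branch, the name is still shortened by storing a NUL into `buf`, and that store is only safe as long as `DBufLen(&buf)` reports the stored string length rather than the allocated size; a one-line comment stating that assumption would help the next reader. Bounding the output in the format string instead, e.g. `fprintf(ErrFp, "%.*s  %s\n", VAR_NAME_LEN, DBufValue(&buf), UNDEF);`, would avoid writing into the buffer at all and make the length check unnecessary. Minor style point: the added `}` followed by `else {` on its own line differs from the `} else {` form used a few lines above in the same hunk.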

-- System Information:
Debian Release: 13.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.16.1 (SMP w/64 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages remind depends on:
ii  libc6  2.41-12

Versions of packages remind recommends:
pn  remind-tools  <none>

Versions of packages remind suggests:
pn  tkremind  <none>
pn  wyrd      <none>

--- End Message ---
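The condition described in the report above, as an added example that is not Remind's code and not part of the original messages. `Buf`, `buf_set`, `buf_free`, `unconditional_store_overflows` and `truncate_name` are hypothetical stand-ins for the dynamic buffer; only the sizes 32 and 64 come from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VAR_NAME_LEN 64   /* value given in the report */
#define INLINE_SIZE  32   /* smallest buffer size given in the report */

/* Hypothetical stand-in for the dynamic buffer: short strings stay in
   inline storage, longer ones are moved to the heap. */
typedef struct {
    char  *data;
    size_t len;                   /* string length without the NUL */
    size_t cap;                   /* bytes available at data */
    char   inline_buf[INLINE_SIZE];
} Buf;

static int buf_set(Buf *b, const char *s) {
    size_t n = strlen(s);
    b->data = b->inline_buf;
    b->cap  = INLINE_SIZE;
    if (n + 1 > INLINE_SIZE) {
        if (!(b->data = malloc(n + 1))) return -1;
        b->cap = n + 1;
    }
    memcpy(b->data, s, n + 1);
    b->len = n;
    return 0;
}

static void buf_free(Buf *b) { if (b->data != b->inline_buf) free(b->data); }

/* Pre-fix: would the unconditional store at VAR_NAME_LEN leave the buffer? */
static int unconditional_store_overflows(const Buf *b) { return VAR_NAME_LEN >= b->cap; }

/* Post-fix: truncate only when index VAR_NAME_LEN is inside the string. */
static size_t truncate_name(Buf *b) {
    if (b->len > VAR_NAME_LEN) {
        b->data[VAR_NAME_LEN] = 0;
        b->len = VAR_NAME_LEN;
    }
    return b->len;
}

int main(void) {
    Buf b;
    if (buf_set(&b, "nosuchvar")) return 1;   /* constructed input */
    printf("overflow=%d len=%zu\n", unconditional_store_overflows(&b), truncate_name(&b));
    buf_free(&b);
    return 0;
}
```

The out-of-bounds store itself is never performed; `unconditional_store_overflows` only reports whether the pre-fix assignment would have landed outside the buffer for a given name.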
--- Begin Message ---
Source: remind
Source-Version: 06.00.01-1
Done: Jochen Sprickerhof <[email protected]>

We believe that the bug you reported is fixed in the latest version of
remind, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Sprickerhof <[email protected]> (supplier of updated remind package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Tue, 19 Aug 2025 19:27:58 +0200
Source: remind
Architecture: source
Version: 06.00.01-1
Distribution: unstable
Urgency: medium
Maintainer: Jochen Sprickerhof <[email protected]>
Changed-By: Jochen Sprickerhof <[email protected]>
Closes: 1111581
Changes:
 remind (06.00.01-1) unstable; urgency=medium
 .
   * New upstream version 06.00.01
     - fixes buffer overflow in DUMPVARS (Closes: #1111581)
   * Add new libreadline-dev build dependency


--- End Message ---
