I'm NMUing to fix this, with the following patch. -- see shy jo
diff -ur old/sympa-4.1.2/debian/changelog sympa-4.1.2/debian/changelog
--- old/sympa-4.1.2/debian/changelog 2005-02-13 14:08:16.000000000 -0500
+++ sympa-4.1.2/debian/changelog 2005-02-13 14:07:58.000000000 -0500
@@ -1,3 +1,10 @@
+sympa (4.1.2-2.1) unstable; urgency=HIGH
+
+ * NMU
+ * Fixed buffer overflow [src/queue.c, CAN-2005-0073] Closes: #294795
+
+ -- Joey Hess <[EMAIL PROTECTED]> Sun, 13 Feb 2005 14:07:23 -0500
+
sympa (4.1.2-2) unstable; urgency=low
* really create database if requested (Closes: #274267)
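Review bot: The new changelog entry writes `urgency=HIGH` in upper case while the existing entry below it uses lower case (`urgency=low`); `urgency=high` would match. The fix line would also serve later readers better if it said what changed in src/queue.c, namely that the `sprintf` into `qfile` became a bounded `snprintf`.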
diff -ur old/sympa-4.1.2/src/queue.c sympa-4.1.2/src/queue.c
--- old/sympa-4.1.2/src/queue.c 2003-10-07 08:04:47.000000000 -0400
+++ sympa-4.1.2/src/queue.c 2005-02-13 14:07:18.000000000 -0500
@@ -116,7 +116,7 @@
exit(EX_NOPERM);
}
umask(027);
- sprintf(qfile, "T.%s.%ld.%d", listname, time(NULL), getpid());
+ snprintf(qfile, sizeof(qfile), "T.%s.%ld.%d", listname, time(NULL),
getpid());
fd = open(qfile, O_CREAT|O_WRONLY, 0600);
if (fd == -1){
char* buffer=(char*)malloc(strlen(argv[0])+strlen(queuedir)+80);
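Review bot: The return value of the new `snprintf` call is not checked, so a `listname` too long for `qfile` is silently truncated and the following `open(qfile, O_CREAT|O_WRONLY, 0600)` creates the spool file under the shortened name instead of failing. Suggest capturing the result and exiting with an error when it is negative or `>= sizeof(qfile)`, in the same way as the `exit(EX_NOPERM)` path just above. Also confirm that `qfile` is declared as an array in this scope: the declaration is outside the hunk, and `sizeof(qfile)` would give the pointer size if it were a `char *`.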

