Your message dated Wed, 15 Aug 2007 19:47:04 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#438125: fixed in rsync 2.6.9-5 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: rsync
Version: 2.6.9-3
Severity: serious
Tags: security

Hi,
CVE-2007-4091 has not yet been published on mitre (RESERVED) but Sebastian Krahmer (SuSE) published the issue in his weblog.

There is an off-by-one programming error in sender.c.
He also published a patch which is attached to this mail.

More information about the issue can be found on:
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html

Kind regards
Nico

--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

--- rsync-2.6.9.orig/sender.c 2006-09-20 03:53:32.000000000 +0200 +++ rsync-2.6.9/sender.c 2007-07-25 15:33:05.000000000 +0200 @@ -123,6 +123,7 @@ char fname[MAXPATHLEN]; struct file_struct *file; unsigned int offset; + size_t l = 0; if (ndx < 0 || ndx >= the_file_list->count) return; @@ -133,6 +134,20 @@ file->dir.root, "/", NULL); } else offset = 0; + + l = offset + 1; + if (file) { + if (file->dirname) + l += strlen(file->dirname); + if (file->basename) + l += strlen(file->basename); + } + + if (l >= sizeof(fname)) { + rprintf(FERROR, "Overlong pathname\n"); + exit_cleanup(RERR_FILESELECT); + } + f_name(file, fname + offset); if (remove_source_files) { if (do_unlink(fname) == 0) { @@ -224,6 +239,7 @@ enum logcode log_code = log_before_transfer ? FLOG : FINFO; int f_xfer = write_batch < 0 ? batch_fd : f_out; int i, j; + size_t l = 0; if (verbose > 2) rprintf(FINFO, "send_files starting\n"); @@ -259,6 +275,20 @@ fname[offset++] = '/'; } else offset = 0; + + l = offset + 1; + if (file) { + if (file->dirname) + l += strlen(file->dirname); + if (file->basename) + l += strlen(file->basename); + } + + if (l >= sizeof(fname)) { + rprintf(FERROR, "Overlong pathname\n"); + exit_cleanup(RERR_FILESELECT); + } + fname2 = f_name(file, fname + offset); if (verbose > 2)pgpoRuuhg3nzG.pgp
Description: PGP signature
--- End Message ---
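
Review bot: In the hunk at @@ -133,6 +134,20 @@ the new `if (file) {` guard is inconsistent with the code around it: the context line just above already dereferences the pointer (`file->dir.root, "/", NULL);`) and `f_name(file, fname + offset);` is called unconditionally right after the check. Either drop the guard, or, if file can really be NULL at this point, bail out before both of those uses. A short comment is also needed on `l = offset + 1;` and the `>=` in `if (l >= sizeof(fname))`, stating which extra bytes they reserve beyond the two strlen() results (a separator between dirname and basename, the terminating NUL), since this is a fix for an off-by-one and the next reader has to be able to re-check the arithmetic.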
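
Review bot: The block added at @@ -259,6 +275,20 @@ before `fname2 = f_name(file, fname + offset);` is a line-for-line copy of the one added at @@ -133,6 +134,20 @@, so the two bounds checks can drift apart on a later edit. Move the length computation into one static helper in sender.c that takes file and offset and reports whether the joined name fits in a MAXPATHLEN buffer, and call it from both places. The variable name `l` is hard to tell apart from the digit in `l = offset + 1;`, so something like len would read better, and in the lines shown the `= 0` initialiser at @@ -123,6 +123,7 @@ and @@ -224,6 +239,7 @@ is never read before `l` is assigned.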
--- Begin Message ---
Source: rsync
Source-Version: 2.6.9-5

We believe that the bug you reported is fixed in the latest version of rsync, which is due to be installed in the Debian FTP archive:

rsync_2.6.9-5.diff.gz
  to pool/main/r/rsync/rsync_2.6.9-5.diff.gz
rsync_2.6.9-5.dsc
  to pool/main/r/rsync/rsync_2.6.9-5.dsc
rsync_2.6.9-5_amd64.deb
  to pool/main/r/rsync/rsync_2.6.9-5_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Slootman <[EMAIL PROTECTED]> (supplier of updated rsync package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 15 Aug 2007 21:24:47 +0200
Source: rsync
Binary: rsync
Architecture: source amd64
Version: 2.6.9-5
Distribution: unstable
Urgency: high
Maintainer: Paul Slootman <[EMAIL PROTECTED]>
Changed-By: Paul Slootman <[EMAIL PROTECTED]>
Description:
 rsync - fast remote file copy program (like rcp)
Closes: 438125
Changes:
 rsync (2.6.9-5) unstable; urgency=high
 .
   * fix two off-by-one errors leading to potential buffer overflow which may
     corrupt the stack (CVE-2007-4091) closes:#438125
Files:
 0742560bcdcdc1e08ec224a2a8029184 556 net optional rsync_2.6.9-5.dsc
 5fa7b565e7de5365d172aad041ab3992 38544 net optional rsync_2.6.9-5.diff.gz
 4d29fcd2856c5ed4291e3c15f7774fd8 275002 net optional rsync_2.6.9-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFGw1X+utvvqbTW3hMRAgoXAJ4zTJCGnbHpc40A0R+b/Yf3gbsC3wCfUL0w
LhACToxV72HxJCNS3JtJGcA=
=P1QW
-----END PGP SIGNATURE-----
--- End Message ---