On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote:
> On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
>
> > I have prepared a package in SVN which is ready for upload. Before doing
> > so, Moritz, can you look at this additional patch I found in the 2.4 SVN
> > branch?
> >
> > svn diff -r4780:4781
> > svn://svn.clusterresources.com/torque/branches/2.4-fixes
> >
> > What do you think, should we add that too? There are no additional CVEs
> > for Torque, apparently so maybe this can't be used as an attack vector?
>
> Whether this is exploitable depends very much on the context and I'm not
> familiar with torque, but we should include the fix to err on the safe side.
>
> > Packages (without this second patch) are in my homedir in people.d.o, and
> > signed. I'm going offline until Monday morning, so if you check them out
> > and see everything looks good, feel free to move them to the queue.
>
> I'm leaving from DebConf shortly and won't be having proper internet
> access for a few days. Please upload the packages when you find the
> time, we can then process the DSA.

As this bug is ageing quite nicely I've taken the liberty of uploading
Jordi's package with the additional patch folded in to security-master.
The changelog:

torque (2.4.8+dfsg-9squeeze1) squeeze-security; urgency=low

  [ Jordi Mallach ]
  * [CVE_2011_2193]: Fix two potential buffer overflows:
    jobid length and hostname length weren't properly checked,
    and these both allow segfaults/buffer overflow attacks within
    the code.
  * Update Vcs-* fields to point to the new squeeze branch.

  [ Jonathan Wiltshire ]
  * Non-maintainer upload.
  * buffer_overflow_in_checkpoint_c.patch: Fix a potential buffer
    overflow problem in mom_checkpoint_recover

It has had only limited testing because I don't have the resources
available for a thorough test.
--
Jonathan Wiltshire [email protected]
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51

