Your message dated Sat, 25 May 2013 22:17:33 +0000 with message-id <[email protected]> and subject line Bug#145048: fixed in libx11 2:1.3.3-4+squeeze1 has caused the Debian Bug report #145048, regarding segfault in xterm (reading resources database?) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 145048: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=145048 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libx11-6 Version: 2:1.1.3-1 Severity: important Hi, xterm is currently segfaulting on me. As far as I can tell the segfault occurs inside libx11, so I'm posting this bug against that rather than xterm (ccing Thomas Dickey so he's aware of the problem). The bug would be grave against xterm, but only important against libx11 since other programs work OK. Actually think the bug may be shared. The backtrace suggests something is wrong in /etc/X11/app-defaults/XTerm, but in that case libX11 (in Xrm) should deal with it rather than crashing. I can't see anything obviously wrong in /etc/X11/app-defaults/XTerm, I think it's the Debian default. I'll attach it for reference. The segfault occurred with libx11 2:1.0.3-7 from unstable. I saw the new version 2:1.1.3-1 in experimental so I tried it, but the bug is still there. I installed the -dbg package to get a backtrace Here is the gdb output: Starting program: /usr/bin/xterm (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread 0xb7b2f6b0 (LWP 25642)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb7b2f6b0 (LWP 25642)] 0xb7de5eae in GetDatabase (db=0x80b0590, str=0x87bc3d8 "! $XTermId: XTerm.ad,v 1.83 2007/03/18 22:41:40 tom Exp $\n! $XFree86: xc/programs/xterm/XTerm.ad,v 3.37 2006/04/10 00:34:36 dickey Exp $\n\n*saveLines: 1024\n\n*SimpleMenu*BackingStore: NotUseful\n*SimpleM"..., filename=0xbf24a548 "/etc/X11/app-defaults/XTerm", doall=1) at ../../src/Xrm.c:1104 1104 ../../src/Xrm.c: No such file or directory. in ../../src/Xrm.c and here is the backtrace: (gdb) bt #0 0xb7de5eae in GetDatabase (db=0x80b0590, str=0x87bc3d8 "! $XTermId: XTerm.ad,v 1.83 2007/03/18 22:41:40 tom Exp $\n! $XFree86: xc/programs/xterm/XTerm.ad,v 3.37 2006/04/10 00:34:36 dickey Exp $\n\n*saveLines: 1024\n\n*SimpleMenu*BackingStore: NotUseful\n*SimpleM"..., filename=0xbf24a548 "/etc/X11/app-defaults/XTerm", doall=1) at ../../src/Xrm.c:1104 #1 0xb7de6b61 in GetDatabase (db=0x80b0590, str=0x16 <Address 0x16 out of bounds>, filename=0xbf24e908 "/etc/X11/app-defaults/XTerm", doall=1) at ../../src/Xrm.c:1658 #2 0xb7de6b61 in GetDatabase (db=0x80b0590, str=0x16 <Address 0x16 out of bounds>, filename=0xbf252cc8 "/etc/X11/app-defaults/XTerm", doall=1) at ../../src/Xrm.c:1658 ... [repeats 480 times] #480 0xb7de6b61 in GetDatabase (db=0x80b0590, str=0x16 <Address 0x16 out of bounds>, filename=0xbfa3ad48 "/etc/X11/app-defaults/XTerm", doall=1) at ../../src/Xrm.c:1658 #481 0xb7de6b61 in GetDatabase (db=0x80b0590, str=0x16 <Address 0x16 out of bounds>, filename=0xbfa3f108 "/etc/X11/app-defaults/XTerm", doall=1) at ../../src/Xrm.c:1658 #482 0xb7de6b61 in GetDatabase (db=0x80b0590, str=0x16 <Address 0x16 out of bounds>, ---Type <return> to continue, or q <return> to quit--- filename=0x80b3510 "/etc/X11/app-defaults/XTerm-color", doall=1) at ../../src/Xrm.c:1658 #483 0xb7de73f9 in XrmCombineFileDatabase ( filename=0x80b3510 "/etc/X11/app-defaults/XTerm-color", target=0xbfa444c8, override=0) at ../../src/Xrm.c:1698 #484 0xb7ecfeeb in XtScreenDatabase () from /usr/lib/libXt.so.6 #485 0xb7ed022e in _XtDisplayInitialize () from /usr/lib/libXt.so.6 #486 0xb7ec76e3 in XtOpenDisplay () from /usr/lib/libXt.so.6 #487 0xb7ec78a5 in _XtAppInit () from /usr/lib/libXt.so.6 #488 0xb7ed0760 in XtOpenApplication () from /usr/lib/libXt.so.6 #489 0x08066cd4 in ?? () #490 0x08095400 in ?? () #491 0x080851c9 in ?? () #492 0x08091800 in ?? () #493 0x0000008a in ?? () #494 0xbfa44920 in ?? () #495 0xbfa449a4 in ?? () #496 0x080920a0 in ?? () #497 0xb7efcb40 in applicationShellWidgetClass () from /usr/lib/libXt.so.6 #498 0x00000000 in ?? () -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (990, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22 (PREEMPT) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libx11-6 depends on: ii libc6 2.6.1-5 GNU C Library: Shared libraries ii libx11-data 2:1.1.1-1 X11 client-side library ii libxcb-xlib0 1.0-3 X C Binding, Xlib/XCB interface li ii libxcb1 1.0-3 X C Binding ii x11-common 1:7.3+2 X Window System (X.Org) infrastruc libx11-6 recommends no packages. -- no debconf information! $XTermId: XTerm.ad,v 1.83 2007/03/18 22:41:40 tom Exp $ ! $XFree86: xc/programs/xterm/XTerm.ad,v 3.37 2006/04/10 00:34:36 dickey Exp $ *saveLines: 1024 *SimpleMenu*BackingStore: NotUseful *SimpleMenu*menuLabel.font: -adobe-helvetica-bold-r-normal--*-120-*-*-*-*-iso8859-* *SimpleMenu*menuLabel.vertSpace: 100 *SimpleMenu*HorizontalMargins: 16 *SimpleMenu*Sme.height: 16 *SimpleMenu*Cursor: left_ptr *mainMenu.Label: Main Options *mainMenu*toolbar*Label: Toolbar *mainMenu*securekbd*Label: Secure Keyboard *mainMenu*allowsends*Label: Allow SendEvents *mainMenu*redraw*Label: Redraw Window *mainMenu*logging*Label: Log to File *mainMenu*print*Label: Print Window *mainMenu*print-redir*Label: Redirect to Printer *mainMenu*8-bit control*Label: 8-Bit Controls *mainMenu*backarrow key*Label: Backarrow Key (BS/DEL) *mainMenu*num-lock*Label: Alt/NumLock Modifiers *mainMenu*alt-esc*Label: Alt Sends Escape *mainMenu*meta-esc*Label: Meta Sends Escape *mainMenu*delete-is-del*Label: Delete is DEL *mainMenu*oldFunctionKeys*Label: Old Function-Keys *mainMenu*sunFunctionKeys*Label: Sun Function-Keys *mainMenu*sunKeyboard*Label: VT220 Keyboard *mainMenu*hpFunctionKeys*Label: HP Function-Keys *mainMenu*scoFunctionKeys*Label: SCO Function-Keys *mainMenu*tcapFunctionKeys*Label: Termcap Function-Keys *mainMenu*suspend*Label: Send STOP Signal *mainMenu*continue*Label: Send CONT Signal *mainMenu*interrupt*Label: Send INT Signal *mainMenu*hangup*Label: Send HUP Signal *mainMenu*terminate*Label: Send TERM Signal *mainMenu*kill*Label: Send KILL Signal *mainMenu*quit*Label: Quit *vtMenu.Label: VT Options *vtMenu*scrollbar*Label: Enable Scrollbar *vtMenu*jumpscroll*Label: Enable Jump Scroll *vtMenu*reversevideo*Label: Enable Reverse Video *vtMenu*autowrap*Label: Enable Auto Wraparound *vtMenu*reversewrap*Label: Enable Reverse Wraparound *vtMenu*autolinefeed*Label: Enable Auto Linefeed *vtMenu*appcursor*Label: Enable Application Cursor Keys *vtMenu*appkeypad*Label: Enable Application Keypad *vtMenu*scrollkey*Label: Scroll to Bottom on Key Press *vtMenu*scrollttyoutput*Label: Scroll to Bottom on Tty Output *vtMenu*allow132*Label: Allow 80/132 Column Switching *vtMenu*selectToClipboard*Label: Select to Clipboard *vtMenu*cursesemul*Label: Enable Curses Emulation *vtMenu*visualbell*Label: Enable Visual Bell *vtMenu*bellIsUrgent*Label: Enable Bell Urgency *vtMenu*poponbell*Label: Enable Pop on Bell *vtMenu*cursorblink*Label: Enable Blinking Cursor *vtMenu*titeInhibit*Label: Enable Alternate Screen Switching *vtMenu*activeicon*Label: Enable Active Icon *vtMenu*softreset*Label: Do Soft Reset *vtMenu*hardreset*Label: Do Full Reset *vtMenu*clearsavedlines*Label: Reset and Clear Saved Lines *vtMenu*tekshow*Label: Show Tek Window *vtMenu*tekmode*Label: Switch to Tek Mode *vtMenu*vthide*Label: Hide VT Window *vtMenu*altscreen*Label: Show Alternate Screen *fontMenu.Label: VT Fonts *fontMenu*fontdefault*Label: Default *fontMenu*font1*Label: Unreadable *VT100.font1: nil2 *IconFont: nil2 *fontMenu*font2*Label: Tiny *VT100.font2: 5x7 *fontMenu*font3*Label: Small *VT100.font3: 6x10 *fontMenu*font4*Label: Medium *VT100.font4: 7x13 *fontMenu*font5*Label: Large *VT100.font5: 9x15 *fontMenu*font6*Label: Huge *VT100.font6: 10x20 *fontMenu*fontescape*Label: Escape Sequence *fontMenu*fontsel*Label: Selection !fontescape and fontsel overridden by application *fontMenu*font-linedrawing*Label: Line-Drawing Characters *fontMenu*font-doublesize*Label: Doublesized Characters *fontMenu*font-loadable*Label: VT220 Soft Fonts *fontMenu*render-font*Label: TrueType Fonts *fontMenu*utf8-mode*Label: UTF-8 *fontMenu*utf8-title*Label: UTF-8 Titles *VT100.utf8Fonts.font2: -misc-fixed-medium-r-normal--8-80-75-75-c-50-iso10646-1 *VT100.utf8Fonts.font: -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso10646-1 *VT100.utf8Fonts.font3: -misc-fixed-medium-r-normal--14-130-75-75-c-70-iso10646-1 *VT100.utf8Fonts.font4: -misc-fixed-medium-r-normal--13-120-75-75-c-80-iso10646-1 *VT100.utf8Fonts.font5: -misc-fixed-medium-r-normal--18-120-100-100-c-90-iso10646-1 *VT100.utf8Fonts.font6: -misc-fixed-medium-r-normal--20-200-75-75-c-100-iso10646-1 *tekMenu.Label: Tek Options *tekMenu*tektextlarge*Label: Large Characters *tekMenu*tektext2*Label: #2 Size Characters *tekMenu*tektext3*Label: #3 Size Characters *tekMenu*tektextsmall*Label: Small Characters *tekMenu*tekpage*Label: PAGE *tekMenu*tekreset*Label: RESET *tekMenu*tekcopy*Label: COPY *tekMenu*vtshow*Label: Show VT Window *tekMenu*vtmode*Label: Switch to VT Mode *tekMenu*tekhide*Label: Hide Tek Window *tek4014*fontLarge: 9x15 *tek4014*font2: 8x13 *tek4014*font3: 6x13 *tek4014*fontSmall: 6x10 ! Debian package customizations follow. *backarrowKeyIsErase: true *ptyInitialErase: true ! If xterm is built with a toolbar, the widget hierarchy looks like this, ! showing widget name / class names. The complete menu hierarchy is built ! at startup because it is needed to make the layout work for the menubar: ! ! xterm/XTerm ! form/Form ! menubar/Box ! mainMenuButton/MenuButton ! mainMenu/SimpleMenu ! menuLabel/SmeBSB ! toolbar/SmeBSB ! ... ! vtMenu/SimpleMenu ! menuLabel/SmeBSB ! scrollbar/SmeBSB ! ... ! fontMenu/SimpleMenu ! menuLabel/SmeBSB ! fontdefault/SmeBSB ! ... ! tekMenu/SimpleMenu ! menuLabel/SmeBSB ! fontdefault/SmeBSB ! ... ! vt100/VT100 ! tektronix/TopLevelShell ! shellext/VendorShellExt ! tek4014/Tek4014 ! ! If built without a toolbar, the widget hierarchy is simpler, because there ! is no form, and the popup menu widgets are created only when they are first ! used. ! ! xterm/XTerm ! shellext/VendorShellExt ! mainMenu/SimpleMenu ! menuLabel/SmeBSB ! ... ! ... ! vt100/VT100 ! tektronix/TopLevelShell ! shellext/VendorShellExt ! tek4014/Tek4014 ! ! A more complete list of the widget/class names can be obtained using editres ! to dump a file. Some widget names are not available until the corresponding ! menu has been created. ! These resources reduce space around the menubar, by eliminating padding in ! the enclosing form (Thickness) and the border of the Box which represents ! the menubar widget. *form.Thickness: 0 *menubar.borderWidth: 0 ! If we wanted to eliminate the border of the popup menus, we could do this ! instead, since they are children of the menubar: !*menubar*borderWidth: 0 ! Eliminate the border of the buttons in the menubar, so the only line around ! the text is for the highlighted button: *MenuButton*borderWidth: 0 ! Set a border for the menus to make them simpler to distinguish against the ! vt100 widget: *SimpleMenu*borderWidth: 2 ! Here is a pattern that is useful for double-clicking on a URL: !*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48 ! ! Alternatively, !*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+ #include "XTerm"
--- End Message ---
--- Begin Message ---Source: libx11 Source-Version: 2:1.3.3-4+squeeze1 We believe that the bug you reported is fixed in the latest version of libx11, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julien Cristau <[email protected]> (supplier of updated libx11 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 21 May 2013 22:26:20 +0200 Source: libx11 Binary: libx11-6 libx11-6-udeb libx11-data libx11-6-dbg libx11-dev libx11-xcb1 libx11-xcb1-dbg libx11-xcb-dev Architecture: source all amd64 Version: 2:1.3.3-4+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: Debian X Strike Force <[email protected]> Changed-By: Julien Cristau <[email protected]> Description: libx11-6 - X11 client-side library libx11-6-dbg - X11 client-side library (debug package) libx11-6-udeb - X11 client-side library (udeb) libx11-data - X11 client-side library libx11-dev - X11 client-side library (development headers) libx11-xcb-dev - Xlib/XCB interface library (development headers) libx11-xcb1 - Xlib/XCB interface library libx11-xcb1-dbg - Xlib/XCB interface library (debug package) Closes: 145048 Changes: libx11 (2:1.3.3-4+squeeze1) squeeze-security; urgency=high . * CVE-2013-1981: integer overflows calculating memory needs for replies * CVE-2013-1997: buffer overflows due to not validating length or offset values in replies * CVE-2013-2004: unbounded recursion parsing user-specified files (closes: #145048) Checksums-Sha1: e67c8b9f9ba76e5fe448ef78dfa557ef27cd3ba6 2245 libx11_1.3.3-4+squeeze1.dsc d900f8aa985376683690df9d36a864220dc48390 2899688 libx11_1.3.3.orig.tar.gz 0d14889937e40a0ac96280412a8584df6eb8cc15 155452 libx11_1.3.3-4+squeeze1.diff.gz 8d7e9f795dfb514d100863c8ec0f63d8d1c9081a 184280 libx11-data_1.3.3-4+squeeze1_all.deb 31c51cbedaa71b7f90c1f9cca29bcd902c286e19 846850 libx11-6_1.3.3-4+squeeze1_amd64.deb 844140cbd50e97efc78ee120f23c7ef7ad09523e 760224 libx11-6-udeb_1.3.3-4+squeeze1_amd64.udeb a91e159792d0ab571772d9c99687408d2efe14de 2785712 libx11-6-dbg_1.3.3-4+squeeze1_amd64.deb 9ff8e285a3ca16ce5508d5af1b42531b19547d5e 3515624 libx11-dev_1.3.3-4+squeeze1_amd64.deb d426f4d4b2d91cd6a05a973202dadd28e7298730 90340 libx11-xcb1_1.3.3-4+squeeze1_amd64.deb d4369895e4e801bb4edaf93da5ef5f48cc6f4ddf 104310 libx11-xcb1-dbg_1.3.3-4+squeeze1_amd64.deb 44a512849ad51411ea701ddbc128b0e30bfbbecc 92438 libx11-xcb-dev_1.3.3-4+squeeze1_amd64.deb Checksums-Sha256: fb6ca75967de4263aad60b8ae2812ea759fb908152678af41f06a4f10c4da053 2245 libx11_1.3.3-4+squeeze1.dsc 91274846aebcc9b1867d051c87833ef8f1a1ebe372b675373dd2a744360a8734 2899688 libx11_1.3.3.orig.tar.gz 22f6fefd5ed57b7c3fc57d64c922b575a160102bd1212a554120f650ae923d0c 155452 libx11_1.3.3-4+squeeze1.diff.gz bb5e83fb3d86d7e8158c31f9c47cfa966fb9f875028252514d676c7e2fbeeb8c 184280 libx11-data_1.3.3-4+squeeze1_all.deb 624c1682ea99251fb0a1f46528d5cf2738fd3c4f594f86a6f781c89d50bdca28 846850 libx11-6_1.3.3-4+squeeze1_amd64.deb 41d049446812740282865111d5e6e4cc3da18d03c86c95a9b7cd74ab9d1f2926 760224 libx11-6-udeb_1.3.3-4+squeeze1_amd64.udeb b4aade70d9d703374a24945e6a054c8537d9facb9c62b9d180869726c7f03783 2785712 libx11-6-dbg_1.3.3-4+squeeze1_amd64.deb d0242e5738ef7af7f9f340e070a68bcb7033c9c06c36ff30715272784d33bd32 3515624 libx11-dev_1.3.3-4+squeeze1_amd64.deb 1d2820930fac026737a7520790a7b6154693389a510f5e5fcae18b44a28edca1 90340 libx11-xcb1_1.3.3-4+squeeze1_amd64.deb 4a986a3eec27bb418cdf81d94d5d2209b08bbcdb585f7c44a93d5295e651d0b3 104310 libx11-xcb1-dbg_1.3.3-4+squeeze1_amd64.deb 4556e04560d98c65c3c38d68958604df7c5dd048c9725ac4197912512b31e281 92438 libx11-xcb-dev_1.3.3-4+squeeze1_amd64.deb Files: 6ab949497d816b1d450e0e1f2a15da08 2245 x11 optional libx11_1.3.3-4+squeeze1.dsc f5669fa5843e54cb4cc7ebf8f7cc741e 2899688 x11 optional libx11_1.3.3.orig.tar.gz 926ad66aea7bdf9ed48e835742116d4e 155452 x11 optional libx11_1.3.3-4+squeeze1.diff.gz 5fc7f93bdb449846ea32eb04fdc175f2 184280 x11 optional libx11-data_1.3.3-4+squeeze1_all.deb 7830afc549ae6d75a7a548b4ce568453 846850 libs optional libx11-6_1.3.3-4+squeeze1_amd64.deb 4cf7ab94f757b4d935ac0bcc55278e72 760224 debian-installer optional libx11-6-udeb_1.3.3-4+squeeze1_amd64.udeb 0a5c453468c811869180f36287697a35 2785712 debug extra libx11-6-dbg_1.3.3-4+squeeze1_amd64.deb 0bcbf24df37af9e5c3bc16aa8bd0ae47 3515624 libdevel optional libx11-dev_1.3.3-4+squeeze1_amd64.deb 99f114343c43b00968b9b3ba597cf712 90340 libs optional libx11-xcb1_1.3.3-4+squeeze1_amd64.deb 6332f7cb7b8c475a003cfbbb797ef89f 104310 debug extra libx11-xcb1-dbg_1.3.3-4+squeeze1_amd64.deb e717e3c4152fb4f228577783d058de36 92438 libdevel optional libx11-xcb-dev_1.3.3-4+squeeze1_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRm+tFAAoJEDEBgAUJBeQMMMYP/RIqpG1ITIi+CspCEzIJncP8 APAxob1gEvlCt+q22pmhrK6hpBnsrtYNt6nXAEIjTuEWwNdWpA3AfpfbkeY8jcCd xG9uExYsoeAX2P1zdrz+q+3zq4bfAz3H9emZHpgbZ/HlgUMPDYI4A1KGOJWL/ixz 6OMURtnjJt75zI8ud4D54wtu27QFAUzO9ijZ5fOH/xFKMSJB+glAericO7766XsJ uYZmy9iTHeGXi20iXKPm0625mo0ScJ2jFSLn054UJRgdxOAVU5vfVvZkNOlIsqmh 3hTtSO97Ice/DVHXYbrLrUTc5jliecZn5DH04dbAVJeL5gX99XDFEW7tistd7aEy ZoMc5eiFbQj4DfxC/BBSfVVtGXEI4BYhEtPJbF64s7LJRiD7NNgYT2M3ryrIiPAy L6DWEdi3H0lBjWrTu+T9WWMX4OyzZH6igQfrGsx620gQxJJix+UR4QWjs5yKDwDZ xuO712Wt/iVCIhnDvZWtEahaedE6897VwViWE1xdyLDLNsMrRGjIamOGQ9VHMJFV 4juugMiE+Vvma6cuV/fxsw2on46sXkzghUSXjMMtNTgPrN0w5JdpfaYaWgywJu82 ex6hBv/8s4THxVs85rdIvVN9UvfYESW5bPYXyHLAdQxlFAFEt//yK8CfsLzs5Glj eZTDAy99dDSgeUOFaynH =O4nd -----END PGP SIGNATURE-----
--- End Message ---
