Your message dated Sat, 28 Feb 2015 18:51:13 +0100
with message-id <[email protected]>
and subject line Re: Bug#779397: xterm: buffer overflow with -S option
has caused the Debian Bug report #779397,
regarding xterm: buffer overflow with -S option
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
779397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779397
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xterm
Version: 312-1
Severity: important
Tags: security

$ xterm -S/dev/pts/20
*** buffer overflow detected ***: /usr/bin/xterm terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x731ff)[0x7f4de0b1b1ff]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f4de0b9e4c7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf46e0)[0x7f4de0b9c6e0]
/lib/x86_64-linux-gnu/libc.so.6(__stpncpy_chk+0x0)[0x7f4de0b9bb40]
/usr/bin/xterm[0x408eb0]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f4de0ac9b45]
/usr/bin/xterm[0x408f9c]
======= Memory map: ========
[...]

Not sure whether this is a security issue, but a buffer overflow looks
really wrong...

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages xterm depends on:
ii  libc6           2.19-15
ii  libfontconfig1  2.11.0-6.3
ii  libice6         2:1.0.9-1+b1
ii  libtinfo5       5.9+20140913-1+b1
ii  libutempter0    1.1.5-4
ii  libx11-6        2:1.6.2-3
ii  libxaw7         2:1.0.12-2+b1
ii  libxft2         2.3.2-1
ii  libxmu6         2:1.1.2-1
ii  libxpm4         1:3.5.11-1+b1
ii  libxt6          1:1.1.4-1+b1
ii  xbitmaps        1.1.1-2

Versions of packages xterm recommends:
ii  x11-utils  7.7+2

Versions of packages xterm suggests:
pn  xfonts-cyrillic  <none>

-- no debconf information
--- End Message ---
--- Begin Message ---
Package: xterm
Version: 314-1

On 2015-02-28 13:37 +0100, Thomas Dickey wrote:

> On Sat, Feb 28, 2015 at 03:37:53AM +0100, Vincent Lefevre wrote:
>> Package: xterm
>> Version: 312-1
>> Severity: important
>> Tags: security
>>
>> $ xterm -S/dev/pts/20
>> *** buffer overflow detected ***: /usr/bin/xterm terminated
>
> This was fixed in #314, two months ago.

Thanks. For the package in jessie/sid, I suppose I would have to apply
the passedPty related changes in main.c, right?

Cheers,
Sven
--- End Message ---

