Package: apt
Version: 0.5.21
Severity: normal

On line 31 of .../apt-pkg/pkgsystem.cc, the constructor uses SysList[GlobalListLen] and increments GlobalListLen++; on the next line, without checking to see if GlobalListLen is too big for the buffer (SysList[10], defined a few lines above).

I don't think this is a security problem, but it ought to be cleaned up.

-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "i386";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::userstatus "status.user";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";

-- (no /etc/apt/preferences present) --

-- /etc/apt/sources.list --

deb ftp://ftp.uk.debian.org/debian/ testing main non-free contrib
deb-src ftp://ftp.uk.debian.org/debian/ testing main non-free contrib
# deb http://mirror.ox.ac.uk/debian testing main contrib non-free
# deb-src http://mirror.ox.ac.uk/debian testing main contrib non-free
deb http://mirror.ox.ac.uk/debian-non-US testing/non-US main contrib non-free
deb-src http://mirror.ox.ac.uk/debian-non-US testing/non-US main contrib non-free
# deb http://non-us.debian.org/debian-non-US testing/non-US main contrib non-free
# deb-src http://non-us.debian.org/debian-non-US testing/non-US main contrib non-free
# deb http://mirrors.kernel.org/debian/ testing main non-free contrib
# deb-src http://mirrors.kernel.org/debian/ testing main non-free contrib
deb http://security.debian.org/ testing/updates main contrib non-free

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux gpk 2.4.23 #2 Sun Dec 7 11:46:58 GMT 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages apt depends on:
ii  libc6       2.3.2.ds1-11    GNU C Library: Shared libraries an
ii  libgcc1     1:3.3.3-0pre3   GCC support library
ii  libstdc++5  1:3.3.3-0pre3   The GNU Standard C++ Library v3

-- no debconf information
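
Added example, not part of the original report and not apt's own code: a minimal C++ sketch of the self-registering constructor the report describes, with the missing bounds check in place. SysList, GlobalListLen and the size 10 come from the report; System, SysListCap, Rejected and register_n are hypothetical names.

```cpp
#include <cstddef>
#include <vector>

struct System;                                 // hypothetical self-registering type
static const std::size_t SysListCap = 10;      // SysList[10] in the report
static System *SysList[SysListCap];
static std::size_t GlobalListLen = 0;
static std::size_t Rejected = 0;               // assumption: count refused registrations

struct System {
    bool registered;
    System() : registered(false) {
        // Pattern as described in the report (unchecked):
        //   SysList[GlobalListLen] = this;
        //   GlobalListLen++;
        // An 11th object would then be written past the end of SysList.
        if (GlobalListLen >= SysListCap) {     // the check the report asks for
            ++Rejected;
            return;                            // table full: leave memory untouched
        }
        SysList[GlobalListLen] = this;
        GlobalListLen++;
        registered = true;
    }
};

// Construct n objects and return how many were actually stored in the table.
std::size_t register_n(std::size_t n) {
    GlobalListLen = 0;
    Rejected = 0;
    std::vector<System> objs(n);               // each element runs the constructor in place
    std::size_t stored = GlobalListLen;
    // Clear the table before objs is destroyed so no dangling pointers remain.
    for (std::size_t i = 0; i < SysListCap; ++i) SysList[i] = 0;
    GlobalListLen = 0;
    return stored;
}

int main() {
    // 12 constructions against a 10-slot table: 10 stored, 2 refused.
    return (register_n(12) == 10 && Rejected == 2) ? 0 : 1;
}
```

Because such objects are normally constructed during static initialisation, a real fix may prefer to abort (for example with assert) rather than skip the registration silently.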

