Your message dated Tue, 6 Jul 2010 13:00:22 +0200
with message-id <aanlktilp54zebbkyzmkgpyzoe0qvr20sivktz3bh6...@mail.gmail.com>
and subject line Re: Bug#488049: kaffeine 1.0~pre3 uploaded to unstable
has caused the Debian Bug report #488049,
regarding save audiostream file selector dialog: changing directory causes 
fatal error, probably STRING OVERFLOW
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
488049: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488049
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kaffeine
Version: 0.8.6-2
Severity: important
Tags: security

--- Please enter the report below this line. ---

How to reproduce:
-----------------
(1)  specify an existing directory in dialog
Settings - xine Engine Parameters - media - Expert Options - capture.save_dir
(2)  connect to an audiostream server
(3)  open dialog File - Save Stream..
(4)  notice that directory (1) is preselected
(5)  specify path matching pattern 'subdir/filename' or '../filename' and
hit enter

Expected:
---------
Kaffeine should save audiostream to path (5) RELATIVE to directory (1),
as dialog (5) has promised

Observed:
---------
message pops up
> Requested resource does not exist
> (mms://stream4.orf.at/oe1-wort#save:/home/roland/Dokumente/www/Kaffeine/hda11/Salzburg.wma)
where URL and save path mentioned within parentheses MATCH exactly (2), (1) and (5),
in fact they exist

select Details:
> 09:41:57 PM: input_rip: error opening file
> `[0e/roland/Dokumente/www/Kaffeine/hda11/Salzburg.wma: No such file or directory
  ^^^^
notice first 4 characters of path are replaced by BINARY data
> 09:41:57 PM: xine: join rip input plugin
> 09:41:57 PM: xine: found input plugin  : mms streaming input plugin
> 09:41:57 PM: xine: The specified save_dir
> "`[0e/roland/Dokumente/www/Kaffeine/hda11" might be a security risk.
   ^^^^
notice first 4 characters of path are replaced by BINARY data

on close by ctrl-q Kaffeine writes this path with the leading BINARY data to
~/.kde/share/apps/kaffeine/xine-config: media.capture.save_dir:

when I restart Kaffeine I CANNOT save any audiostream UNTIL I open dialog (1)
and correct save_dir


looks like a STRING OVERFLOW,
please check if severity "important" and tag "security" are appropriate
#369564 is perhaps related


--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.23.12roland2

Debian Release: lenny/sid
  500 unstable        gd.tuwien.ac.at 
  500 testing         security.debian.org 
  500 testing         gd.tuwien.ac.at 
  500 oldstable       gd.tuwien.ac.at 
    1 experimental    gd.tuwien.ac.at 

--- Package information. ---
Depends                   (Version) | Installed
===================================-+-================
hdparm                              | 6.9-2
kdelibs4c2a            (>= 4:3.5.9) | 4:3.5.9.dfsg.1-4
libc6                    (>= 2.7-1) | 2.7-3
libcdparanoia0                      | 3.10+debian~pre0-4
libgcc1             (>= 1:4.1.1-21) | 1:4.3.0-3
libogg0                 (>= 1.0rc3) | 1.1.3-2
libqt3-mt             (>= 3:3.3.8b) | 3:3.3.8b-5
libstdc++6            (>= 4.1.1-21) | 4.3.0-3
libvorbis0a              (>= 1.1.2) | 1.2.0.dfsg-2
libvorbisenc2            (>= 1.1.2) | 1.1.2.dfsg-1.2
libx11-6                            | 2:1.0.3-7
libxcb1                             | 1.1-1
libxext6                            | 1:1.0.1-2
libxine1                 (>= 1.1.8) | 1.1.10.1-1
libxine1-ffmpeg                     | 1.1.10.1-1
libxine1-x                          | 1.1.10.1-1
libxinerama1                        | 1:1.0.1-4.1
libxtst6                            | 1:1.0.1-5


-- 
Roland Eggner




--- End Message ---
--- Begin Message ---
fixed 488049 1.0-1
thanks

this doesn't apply to kaffeine 1.* anymore; the relevant parts of the
code have been replaced (you simply can't record streams anymore; but
that's a different story with an entry in the kde bug tracker).

Christoph


2010/6/24 Roland Eggner <ed...@systemanalysen.net>:
> On Monday May 3rd 2010 at 14:30:24 Mark Purcell wrote:
>> …
>> Could I ask you to upgrade to the kaffeine in unstable (1.0~pre3) and confirm
>> your report is still current.
> Sorry:
> (a) My personal view:  When software shows such strong signs for a buffer
> overflow and thus with very high likelihood allows execution of arbitrary
> code, I uninstall it immediately from every production system I am
> responsible for.  Any usage outside of sandbox jails is unthinkable.
> Currently I cannot spare time or resources for setting up a virtual machine
> just to debug kaffeine.
> (b)  I tried KDE_4.2.1, found many bugs and apart from okular nothing useful
> for my needs.  I will stick to KDE_3.5.x at least as long as it is maintained.
>
> In short:
> (A)  I won't provide more info.  Sorry.
> (B)  The issue seems to be confirmed by a very similar bugreport:
>> …
>> 1.a. If possible could you review the upstream reports against kaffeine and
>> see if your report has already been reported upstream.
> http://bugs.kde.org/show_bug.cgi?id=197258
>
> --
> Roland Eggner


--- End Message ---
_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-kde-extras
