Your message dated Tue, 03 May 2011 22:06:50 +0000
with message-id <e1qhnk2-0002ww...@franck.debian.org>
and subject line Bug#624775: fixed in serd 0~svn155-1
has caused the Debian Bug report #624775,
regarding lv2core: Buffer overflow in serd-0.1.0.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
624775: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624775
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lv2core
Version: 4.0-5
Severity: normal
Tags: patch


This is a bug against the SOURCE package from Debian Sid so my distribution 
is irrelevant.

When building lv2core-4.0-5 from sid, I noticed a warning about snprintf 
being guaranteed to overflow in write_text. The problem seems to be that the 
local variable `escape' is declared as char [10], then used in snprintf as 
if it had 11 characters.

Attached patch trivially fixes that.

-- System Information:
Debian Release: squeeze/sid
  APT prefers lucid-updates
  APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid-proposed'), (500, 'lucid-backports'), (500, 'lucid')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-11-rt (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- a/serd-0.1.0.c
+++ b/serd-0.1.0.c
@@ -2313,7 +2313,7 @@
 write_text(SerdWriter writer, TextContext ctx,
            const uint8_t* utf8, size_t n_bytes, uint8_t terminator)
 {
-	char escape[10] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+	char escape[15] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
 	for (size_t i = 0; i < n_bytes;) {
 		uint8_t in = utf8[i++];
 		switch (in) {
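
Review bot: On the `+char escape[15]` line, 15 is a magic number with no visible link to the size that the snprintf call later in write_text passes; that call is outside this hunk, and the report says it assumes 11 characters. Suggest bounding the call with `sizeof(escape)` instead of a literal so the declaration and the bound cannot drift apart again, and adding a short comment saying how the size was derived. The fifteen-element initializer could also be written as `= { 0 }`.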

--- End Message ---
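
The size mismatch the report describes, as an added example that is not serd's code: the `\U%08X` escape form and the names `format_escape` and `try_capacity` are assumptions, chosen because that escape is 10 characters long and so needs 11 bytes once the terminator is counted. The helper passes the real buffer size to snprintf and treats a return value at or above that size as truncation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: writes an assumed "\UXXXXXXXX" escape into buf.
 * Returns the number of characters written (excluding the NUL), or -1 if
 * buf_size cannot hold the escape plus its terminator. */
static int format_escape(char *buf, size_t buf_size, uint32_t code_point)
{
    if (buf == NULL || buf_size == 0)
        return -1;
    /* snprintf returns the length it WANTED to write, not what fit. */
    int needed = snprintf(buf, buf_size, "\\U%08X", (unsigned)code_point);
    if (needed < 0 || (size_t)needed >= buf_size) {
        buf[0] = '\0';              /* never hand back a truncated escape */
        return -1;
    }
    return needed;
}

/* Runs format_escape against a buffer of the given capacity, with canary
 * bytes after it. Returns format_escape's result, or -2 if anything was
 * written beyond the stated capacity. */
static int try_capacity(size_t capacity, uint32_t code_point)
{
    char storage[32];
    if (capacity > sizeof storage)
        return -1;
    memset(storage, 0x7f, sizeof storage);
    int rc = format_escape(storage, capacity, code_point);
    for (size_t i = capacity; i < sizeof storage; i++)
        if (storage[i] != 0x7f)
            return -2;
    return rc;
}

int main(void)
{
    const uint32_t cp = 0x1F600;    /* constructed sample code point */
    printf("char[10]: %d\n", try_capacity(10, cp));  /* one byte short */
    printf("char[11]: %d\n", try_capacity(11, cp));  /* exact fit */
    printf("char[15]: %d\n", try_capacity(15, cp));  /* size used in the patch */
    return 0;
}
```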
--- Begin Message ---
Source: serd
Source-Version: 0~svn155-1

We believe that the bug you reported is fixed in the latest version of
serd, which is due to be installed in the Debian FTP archive:

libserd-0-0_0~svn155-1_amd64.deb
  to main/s/serd/libserd-0-0_0~svn155-1_amd64.deb
libserd-dev_0~svn155-1_all.deb
  to main/s/serd/libserd-dev_0~svn155-1_all.deb
serd-dbg_0~svn155-1_amd64.deb
  to main/s/serd/serd-dbg_0~svn155-1_amd64.deb
serd_0~svn155-1.debian.tar.gz
  to main/s/serd/serd_0~svn155-1.debian.tar.gz
serd_0~svn155-1.dsc
  to main/s/serd/serd_0~svn155-1.dsc
serd_0~svn155.orig.tar.bz2
  to main/s/serd/serd_0~svn155.orig.tar.bz2
serdi_0~svn155-1_amd64.deb
  to main/s/serd/serdi_0~svn155-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 624...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessio Treglia <ales...@debian.org> (supplier of updated serd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 03 May 2011 13:57:33 +0200
Source: serd
Binary: libserd-dev libserd-0-0 serdi serd-dbg
Architecture: source all amd64
Version: 0~svn155-1
Distribution: unstable
Urgency: low
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Alessio Treglia <ales...@debian.org>
Description: 
 libserd-0-0 - lightweight RDF syntax library
 libserd-dev - lightweight RDF syntax library - development files
 serd-dbg   - lightweight RDF syntax library - debugging symbols
 serdi      - lightweight RDF syntax library - serdi tool
Closes: 624775
Changes: 
 serd (0~svn155-1) unstable; urgency=low
 .
   * New upstream release:
     - Re-licensed under ISC license terms, update debian/copyright.
   * Move from libserd0 to libserd-0-0.
   * Add patch to fix snprintf overflow (Closes: #624775).
   * Refresh 1001-dont_run_ldconfig.patch.
   * debian/rules: Explicitly pass --mandir to configure.
   * debian/get-svn-source.sh
     - Abort on errors.
     - Append upstream versioning to the directory's name.
   * Bump Standards.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2/8D0ACgkQRdSMfNz8P9B//gCfWdiWMaYdJybEvujkeWKL/sxX
ESoAn0/YS2GbnZbzud24xh4XFTf+aruI
=4s5Z
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
