Public bug reported:

2ping 3.2.0-1 (currently in xenial) contains a remote crash denial of
service condition when the peer sends a notice with non-ASCII (e.g.
Unicode) text.  This cannot lead to a remote crash in the listener's
default configuration (only when --debug is passed), but IMHO is serious
enough that this fix should be included before xenial is released.

Please sync 2ping 3.2.1-1 from Debian unstable.  3.2.1-1 contains the
following fix against 3.2.0-1 to properly render Unicode notices and
filter invalid high characters:

diff --git a/twoping/cli.py b/twoping/cli.py
index 418f5b7..3e94573 100755
--- a/twoping/cli.py
+++ b/twoping/cli.py
@@ -335,7 +335,7 @@ class TwoPing():
                         (packets.OpcodeExtended.id in packet_in.opcodes) and
                         (packets.ExtendedNotice.id in 
packet_in.opcodes[packets.OpcodeExtended.id].segments)
                     ):
-                        notice = 
str(packet_in.opcodes[packets.OpcodeExtended.id].segments[packets.ExtendedNotice.id].text)
+                        notice = 
unicode(str(packet_in.opcodes[packets.OpcodeExtended.id].segments[packets.ExtendedNotice.id].text),
 'UTF-8', 'replace')
                         self.print_out('  ' + _('Peer notice: 
{notice}').format(notice=notice))
             sock_class.courtesy_messages[peer_tuple][replied_message_id_int] = 
(time_begin, replied_message_id)
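Review bot: On the added `notice = unicode(str(...), 'UTF-8', 'replace')` line, the 'replace' handler only substitutes byte sequences that are not valid UTF-8, so control characters sent by the peer (ESC, CR, backspace and so on) still decode cleanly and go to `self.print_out` unchanged. The notice text is peer-controlled, so I would drop or escape non-printable code points after decoding and before formatting. Two smaller things to confirm on the same lines: `unicode()` is a Python 2 builtin, so this path needs a guard if cli.py is also expected to run on Python 3, and on Python 2 `_('Peer notice: {notice}')` has to return a unicode object, because calling `.format()` on a byte string with a unicode argument containing non-ASCII text raises UnicodeEncodeError and would leave the crash in place.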

** Affects: 2ping (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1562455

Title:
  Please sync 2ping 3.2.1-1 (universe) from Debian unstable (main)
