Source: mariadb-10.1
Version: 10.1.26-1
Severity: important
Tags: patch security
Control: clone -1 -2
Control: reassign -2 mariadb-10.2 10.2.7-1
Control: retitle -2 mariadb-10.2: fix-FTBFS-on-GNU-Hurd.patch introduces buffer overflow in mariabackup

Hi,

As I mentioned in #879637 (message #12), the fix-FTBFS-on-GNU-Hurd.patch Debian patch introduces a buffer overflow in mariabackup. Applying the attached debdiff should fix it.

The bug does not affect mariadb-10.1 in stretch-security because it doesn't include the fix-FTBFS-on-GNU-Hurd.patch patch.

Thanks,
James

diff -ur a/debian/patches/fix-FTBFS-on-GNU-Hurd.patch b/debian/patches/fix-FTBFS-on-GNU-Hurd.patch --- a/debian/patches/fix-FTBFS-on-GNU-Hurd.patch 2017-11-16 15:24:36.000000000 +0000 +++ b/debian/patches/fix-FTBFS-on-GNU-Hurd.patch 2017-11-18 11:38:35.614785997 +0000 @@ -57,7 +57,7 @@ - parent[sizeof(parent) - 1] = 0; + parent = (char *)malloc(len); + strncpy(parent, pathname, len); -+ parent[len] = 0; ++ parent[len - 1] = 0; for (p = parent + strlen(parent); !is_path_separator(*p) && p != parent; p--);
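
Review bot: parent[len - 1] = 0 is in bounds for the malloc(len) buffer, but whether it is correct depends on how len is computed, which this hunk does not show. If len is strlen(pathname) with no room for the terminator, the write now overwrites the last character of the path, and if len can be 0 the index underflows. Please confirm that len counts the trailing NUL, or allocate len + 1 and keep parent[len] = 0. The malloc() result is also passed to strncpy() without a NULL check; add one before the copy.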