Patch we used for the DSA. diff -u unicon-3.0.4/unicon/ImmModules/cce/CCE_pinyin.c unicon-3.0.4/unicon/ImmModules/cce/CCE_pinyin.c --- unicon-3.0.4/unicon/ImmModules/cce/CCE_pinyin.c +++ unicon-3.0.4/unicon/ImmModules/cce/CCE_pinyin.c @@ -159,9 +159,9 @@ IMM_Flush () { char name[256]; - sprintf(name,"%s/.pyinput/usrphrase.tab",getenv("HOME")); + snprintf(name,sizeof(name)-1,"%s/.pyinput/usrphrase.tab",getenv("HOME")); SaveUsrPhrase(name); - sprintf(name,"%s/.pyinput/sysfrequency.tab",getenv("HOME")); + snprintf(name,sizeof(name)-1,"%s/.pyinput/sysfrequency.tab",getenv("HOME")); SavePhraseFrequency(name); return 1; diff -u unicon-3.0.4/unicon/ImmModules/cce/xl_pinyin.c unicon-3.0.4/unicon/ImmModules/cce/xl_pinyin.c --- unicon-3.0.4/unicon/ImmModules/cce/xl_pinyin.c +++ unicon-3.0.4/unicon/ImmModules/cce/xl_pinyin.c @@ -138,21 +138,21 @@ //Rat: modified for processing user-defined dictionaries if ((usrhome = getenv ("HOME")) != NULL) { - sprintf (buf, "%s/%s", usrhome, ".pyinput"); + snprintf (buf,sizeof(buf)-1, "%s/%s", usrhome, ".pyinput"); retval = stat (buf, &statbuf); if ((retval == 0)) { if ((statbuf.st_mode & S_IFMT) == S_IFDIR) { - sprintf (buf, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab"); + snprintf (buf, sizeof(buf)-1, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab"); if ( (retval = stat(buf, &statbuf)) == 0) { if ( statbuf.st_size < MIN_USRPHR_SIZE || LoadUsrPhrase (buf) == -1) { printf ("Couldn't load %s. Please fix it. size or load error\n", buf); - sprintf (buf, "%s/%s", szPath, "usrphrase.tab"); + snprintf (buf, sizeof(buf)-1, "%s/%s", szPath, "usrphrase.tab"); if ((retval = access (buf, R_OK)) == 0) { if (LoadUsrPhrase (buf) == -1) @@ -164,7 +164,7 @@ else { creat (buf, 0600); - sprintf (buf, "%s/%s", szPath, "usrphrase.tab"); + snprintf (buf, sizeof(buf)-1, "%s/%s", szPath, "usrphrase.tab"); if ((retval = access (buf, R_OK)) == 0) { if (LoadUsrPhrase (buf) == -1) 
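Review bot: Both new `snprintf` calls in IMM_Flush discard the return value, so an over-long `$HOME` is now silently truncated and `SaveUsrPhrase`/`SavePhraseFrequency` write to whatever shortened path results instead of failing. `getenv("HOME")` is also still passed straight to `%s`, which is undefined when HOME is unset. I would fetch HOME once, bail out when it is NULL, and check each call, e.g. `n = snprintf(name, sizeof(name), "%s/.pyinput/usrphrase.tab", home); if (n < 0 || (size_t)n >= sizeof(name)) return 0;` (using whatever failure value callers expect; the function's end is outside the hunk). The same unchecked truncation applies to every `snprintf` added in xl_pinyin.c (hunks at 138, 164, 181, 197, 210 and 229), where the truncated `buf` goes on to `stat`, `mkdir` and `creat`. The `-1` on the size is unnecessary, since `snprintf` always NUL-terminates within the size it is given.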
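Review bot: `sizeof(buf)-1` in the xl_pinyin.c hunk at 138 bounds the write only if `buf` is declared as an array in this scope. Its declaration lies outside the hunk, and if it is a `char *` (a parameter or heap pointer) the expression evaluates to the pointer size minus one, cutting every path built here to a few bytes. This is worth confirming against the declaration, and likewise for `szFileName` in the hunk at 229. If either is a pointer, pass the real capacity explicitly rather than relying on `sizeof`.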
@@ -181,10 +181,10 @@ else { mkdir (buf, 0700); //Rat: making $HOME/.pyinput - sprintf (buf, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab"); + snprintf (buf, sizeof(buf)-1, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab"); creat (buf, 0600); //Rat: making $HOME/.pyinput/usrphrase.tab - sprintf (buf, "%s/%s", szPath, "usrphrase.tab"); + snprintf (buf, sizeof(buf)-1, "%s/%s", szPath, "usrphrase.tab"); if ((retval = access (buf, R_OK)) == 0) { if (LoadUsrPhrase (buf) == -1) @@ -197,7 +197,7 @@ else { printf ("Sorry, I couldn't find your $HOME.\n"); - sprintf (buf, "%s/%s", szPath, "usrphrase.tab"); + snprintf (buf, sizeof(buf)-1, "%s/%s", szPath, "usrphrase.tab"); printf ("Turn to access %s", buf); if ((retval = access (buf, R_OK)) != 0) @@ -210,7 +210,7 @@ } - sprintf(buf,"%s/%s/%s",usrhome,".pyinput","sysfrequency.tab"); + snprintf(buf,sizeof(buf)-1,"%s/%s/%s",usrhome,".pyinput","sysfrequency.tab"); if(LoadPhraseFrequency(buf) == -1) { creat(buf,0700); @@ -229,7 +229,7 @@ AdjustPhraseFreq (); // lower the freq to [0,50) if (usrhome != NULL) { - sprintf (szFileName, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab"); + snprintf (szFileName, sizeof(szFileName)-1, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab"); SaveUsrPhrase (szFileName); } else diff -u unicon-3.0.4/debian/changelog unicon-3.0.4/debian/changelog --- unicon-3.0.4/debian/changelog +++ unicon-3.0.4/debian/changelog @@ -1,3 +1,11 @@ +unicon (3.0.4-11etch1) stable-security; urgency=high + + * Non-maintainer upload by The Security Team. + * Fix the unsafe use of environmental variables. + [CVE-2007-2835] + + -- Steve Kemp <[EMAIL PROTECTED]> Sun, 24 Jul 2007 15:02:42 +0000 + unicon (3.0.4-11) unstable; urgency=low * Changed TLS_PthSocket ::read ::write to Read, Write.
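Review bot: The `snprintf` for `sysfrequency.tab` in the hunk at 210 still formats `usrhome` with `%s`, and from the visible context it appears to follow the `if`/`else` whose else branch (hunk at 197) handles `usrhome == NULL`, so it looks reachable with a NULL pointer. That is undefined behaviour for `%s`; with glibc it would produce `(null)/.pyinput/sysfrequency.tab`, a relative path that the following `creat(buf,0700)` creates under the current directory. The lines between the hunks are not shown, so this needs checking against the full function. If confirmed, guard the block as the hunk at 229 does, `if (usrhome != NULL) { ... }`, and skip or redirect the frequency file otherwise.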
Steve -- http://www.steve.org.uk/