Hi, I intent to NMU this bug with the permission of Miriam because her hardware is currently broken.
debdiff attached and archived on: http://people.debian.org/~nion/nmu-diff/tmsnc-0.3.2-1_0.3.2-1.1.patch Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u tmsnc-0.3.2/debian/changelog tmsnc-0.3.2/debian/changelog --- tmsnc-0.3.2/debian/changelog +++ tmsnc-0.3.2/debian/changelog @@ -1,3 +1,11 @@ +tmsnc (0.3.2-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix stack-based buffer overflow in UBX handling + (No CVE id yet; Closes: #487222, #487046). + + -- Nico Golde <[EMAIL PROTECTED]> Mon, 23 Jun 2008 19:24:31 +0200 + tmsnc (0.3.2-1) unstable; urgency=low * New Upstream Release. Closes: #401935 only in patch2: unchanged: --- tmsnc-0.3.2.orig/src/core_net.c +++ tmsnc-0.3.2/src/core_net.c @@ -845,11 +845,14 @@ i = atoi(ptr[0]); free(ptr[0]); + if(i < 0 || i > sizeof(buf) - 1) + i = sizeof(buf) - 1; if (read(session->sd, buf, i) != i) { strncpy(message, "Couldn't read UBX payload", message_len - 1); return -1; } + buf[sizeof(buf) - 1] = 0; // parsing PSM, by gfhuang if(0 == i) buf[0] = 0; //important, by gfhuang, when i=0, buf is untouched!
pgp92rOVLJwmL.pgp
Description: PGP signature