Your message dated Mon, 13 Apr 2015 17:05:00 +0000
with message-id <e1yhhna-0001xn...@franck.debian.org>
and subject line Bug#781858: fixed in apt 1.0.9.8
has caused the Debian Bug report #781858,
regarding apt: dangling pointer crash
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
781858: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781858
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Version: 1.0.9.7
Severity: serious
Dear Maintainer,
The apt source includes in apt-pkg/acquire-item.cc:
// FIXME: this points to a c++ string that goes out of scope
Mode = decompProg.c_str();
}
Mode is a char ptr
decompProg is a std::string
When decompProg goes out of scope it will be destroyed, and its internal buffer
that Mode points to will be freed. Any dereference of Mode will now return
arbitrary data which can cause seemingly random and hard-to-debug crashes.
python3-apt, for example, will read Mode and interpret it as UTF-8 (in
python/acquire-item.cc:acquireitem_get_mode). Since the
data is now essentially random, and not all byte sequences are valid UTF-8,
this will cause a crash to intermittently occur in any application
using python3-apt e.g. aptdaemon
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1060081 (the
Ubuntu crash tracker http://errors.ubuntu.com gets about 200 crash
reports a day for that bug).
--- End Message ---
--- Begin Message ---
Source: apt
Source-Version: 1.0.9.8
We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 781...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Kalnischkies <da...@kalnischkies.de> (supplier of updated apt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 13 Apr 2015 07:14:36 +0200
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc
apt-utils apt-transport-https
Architecture: source all amd64
Version: 1.0.9.8
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <de...@lists.debian.org>
Changed-By: David Kalnischkies <da...@kalnischkies.de>
Description:
apt - commandline package manager
apt-doc - documentation for APT
apt-transport-https - https download transport for APT
apt-utils - package management related utility programs
libapt-inst1.5 - deb package format runtime library
libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
libapt-pkg-doc - documentation for APT development
libapt-pkg4.12 - package management runtime library
Closes: 777565 777760 781509 781696 781858
Changes:
apt (1.0.9.8) unstable; urgency=medium
.
[ David Kalnischkies ]
* fix another d(e)select-upgrade typo (LP: #1399037)
* properly handle expected filesize in https.
Thanks to Robert Edmonds and Anders Kaseorg for initial patchs
(Closes: 777565, 781509) (LP: #807303)
* avoid depends on std::string implementation for pkgAcquire::Item::Mode
(Closes: 781858)
* demote VectorizeString gcc attribute from const to pure
* keyids in "apt-key del" should be case-insensitive (Closes: 781696)
* parse specific-arch dependencies correctly on single-arch systems
(Closes: 777760)
.
[ Michael Vogt ]
* fix crash in order writing in pkgDPkgPM::WriteApportReport() (LP: #1436626)
Checksums-Sha1:
d62ff198d7a8216530c1b3459b12ff0d573b50f0 2353 apt_1.0.9.8.dsc
06b301bb257d02d01f6f6c7d4a2955b7889a2b41 1822444 apt_1.0.9.8.tar.xz
7444230e03154b75a1b08b330614cad1269befa0 302738 apt-doc_1.0.9.8_all.deb
c50b129277533c29e2a4f20e65de6a29cbb4924d 782156 libapt-pkg-doc_1.0.9.8_all.deb
b895fe39de036971a612e676a8f0732a12e410a5 790080
libapt-pkg4.12_1.0.9.8_amd64.deb
4df3847e35f455345c2d206164b17622ac7dda9b 168446
libapt-inst1.5_1.0.9.8_amd64.deb
e569a0a32bd69140e627832b96af7d414ebfa16b 1108234 apt_1.0.9.8_amd64.deb
9b86f9536a7e801ad1026fde3ad648e7bfb87c2b 193490
libapt-pkg-dev_1.0.9.8_amd64.deb
cc76bf93276ac3487c12f73f7556b94b3bc7192c 368222 apt-utils_1.0.9.8_amd64.deb
c70b427aa0842a2dad189ee7debd9cb735be6a31 137430
apt-transport-https_1.0.9.8_amd64.deb
Checksums-Sha256:
42dfba38f13936daa95425e3ff1547df3f39e216cfce9c9aaad518b2cfebadf8 2353
apt_1.0.9.8.dsc
349498a6c9047e77ac61d23372a39e878394375637bc2584a01ab44994ee565a 1822444
apt_1.0.9.8.tar.xz
9c137fdab30b9aca9360778ab5002d2bb87c96c304c8dcc53eda352138130970 302738
apt-doc_1.0.9.8_all.deb
a9687c673476e5bb96f38d6bc3041366dcb97c7beade2651b2aa48782a8ca1fc 782156
libapt-pkg-doc_1.0.9.8_all.deb
22d6aae772d8356dc5af8927e65a19af0af25c009ffda0ccffd6450db0a73f9c 790080
libapt-pkg4.12_1.0.9.8_amd64.deb
589c7b44a761e23db9cac3b7490536785c9146e981374262172aceb32dd85ccb 168446
libapt-inst1.5_1.0.9.8_amd64.deb
244910b1ae213839d9ed23c0700d8ad6e8ab75e288b1af82f2be4a8124e98194 1108234
apt_1.0.9.8_amd64.deb
b889174545040b1418b5f3eff3ea981ce0dad8e498f24059c81a5e1e86325f53 193490
libapt-pkg-dev_1.0.9.8_amd64.deb
1e7dd2caae7da6590762023517f0ddccb3216b53d6602016c40ec7ed1e89145d 368222
apt-utils_1.0.9.8_amd64.deb
5a89b2b92e8d03762d98dcc23f9b5ad326429c915590058f0d38bfe4b4c2572c 137430
apt-transport-https_1.0.9.8_amd64.deb
Files:
fdc1f83bdd00347877455c64cbbc3670 2353 admin important apt_1.0.9.8.dsc
b8743fe972be233cefd8d6d12e55e501 1822444 admin important apt_1.0.9.8.tar.xz
ebacdfe06b838fddd966c601e288c989 302738 doc optional apt-doc_1.0.9.8_all.deb
ead06adff391f1cf7f269849f671e2b1 782156 doc optional
libapt-pkg-doc_1.0.9.8_all.deb
7c0b59d8f7b8d5fbb9eb5c9a04c4bd3e 790080 libs important
libapt-pkg4.12_1.0.9.8_amd64.deb
433ab0c008fe3ffc6036be377ca08a3f 168446 libs important
libapt-inst1.5_1.0.9.8_amd64.deb
da986db1b582248ddea1ecca35404a76 1108234 admin important apt_1.0.9.8_amd64.deb
29c57d940a766196c48a47a45d15816a 193490 libdevel optional
libapt-pkg-dev_1.0.9.8_amd64.deb
34e180fff5561dbb41b1ccf99ee28c2b 368222 admin important
apt-utils_1.0.9.8_amd64.deb
4cd67222765dcdd9bc920c22fd1d011d 137430 admin optional
apt-transport-https_1.0.9.8_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIbBAEBCAAGBQJVK/SVAAoJEJjKuzq9TKWe3b4P9jHOd1oKvxrkVAlIfvp61fXn
I/Xbkhh/70k6LLCA1plZLy+uxurZA740wYa9QT9knu0867f2cG1CaIhBv7ywif4l
ZQUgMOKWwu6nas5UGjX4BYKwzuRHjMQb9nuy8dNAZ2kvBIDvxXgkogVk5Ew/A+Ef
E6rqGUGiXkNBkCYNkdM7nld/wZjpiPPtCIYa/JgAgdn5i+Pfv9HtxLqyhlE/c5Z3
TCI77T5Pni/rlwY1GaZ39HZxv6Jg/Qmt/vpNFzfNk7KevFzUyXXku4E2QmGHCALr
Nxc3vjk4Xs9uVpTa5D4Oj1rGvI6TnxKs9Yde9GPXax0FFudD5+2vBG+BHwyMYR2E
KDPzPzu5N7dgdcClC2T7hStWkYXd+9vMjFNxwimJYf5y/BlMdn4dkcEfbR9Y/kOn
YkWMWDXMEzP0rr0kaL5FWjOCxFiXnlcVrDOXixP/flrXauPUc003wwAINrUkI95i
6EufwGIUIwJc2szmZUnAN+DfAo7h/CUe8smrGEmD8lA1V/P006ioAzojIJaZ/Cp6
Zhhrnl/lig11ZrzufkznvyaTeyd2Rfl/RBxmOrXILXi+2hfiP8wTc9fsgp6dMok9
a+Rgrpm753b0h/57ej451CKNK6kwmmLM6VH/hneUEgOjup/JGD06B8nsJ4AXRK8a
+f4BGWRgM7sEMbs8xL8=
=sQiw
-----END PGP SIGNATURE-----
--- End Message ---
