xenomai 2.6.4+dfsg-1 is marked for autoremoval from testing on 2017-06-15
It (build-)depends on packages with these RC bugs:
848066: kernel-package: build fails due to missing Documentation/Changes with
kernel 4.9.0+
849357: kernel-package: make-kpkg kernel_headers fails for linux 4.10-rc1;
Package: libytnef0
Version: 1.9.2-1
Severity: normal
Tags: security
Hi,
We find the following code may cause over-read of buffer and leak extra bytes
to the output.
The reason is that the data char array is user controlled value and not
guaranteed to end with a '\0' byte. So it
Package: libytnef
Version: 1.9.2-1
Severity: normal
Tags: security
Hi,
We discover a buffer over-write problem in the T::NEFFillMapi functiion.
The root cause of this problem is zero-byte allocation problem.
in lib/ytnef.c:485
mp->data = calloc(mp->count, sizeof(variableLength));
binary:libcppunit1.13-dev is NEW.
binary:libcppunit1.13-dev is NEW.
source:cppunit1.13 is NEW.
Your package has been put into the NEW queue, which requires manual action
from the ftpteam to process. The upload was otherwise valid (it had a good
OpenPGP signature and file hashes are valid), so
cppunit1.13_1.13.2-3_amd64.changes uploaded successfully to localhost
along with the files:
cppunit1.13_1.13.2-3.dsc
cppunit1.13_1.13.2.orig.tar.gz
cppunit1.13_1.13.2-3.debian.tar.xz
cppunit1.13_1.13.2-3_amd64.buildinfo
libcppunit-1.13-0v5_1.13.2-3_amd64.deb
libcppunit1.13-dev_1.13.2-3_amd64.deb: trying to install to new, but could not
find source
binary:libcppunit1.13-dev is NEW.
===
Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.
cppunit1.13_1.13.2-3_amd64.changes uploaded successfully to localhost
along with the files:
cppunit1.13_1.13.2-3_amd64.buildinfo
libcppunit-1.13-0v5_1.13.2-3_amd64.deb
libcppunit1.13-dev_1.13.2-3_amd64.deb
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
Processing commands for cont...@bugs.debian.org:
> block 862696 with 862135 862134 862133 862132 862131 862130 862129 862128
> 862127 862126 862125
Bug #862696 [release.debian.org] transition: cppunit
862696 was not blocked by any bugs.
862696 was not blocking any bugs.
Added blocking bug(s) of
tags 858178 + patch
thanks
This is correctly diagnosing a buffer which is to small.
The length of data written to the buffer is always constant,
(20 bytes more than the length of the buffer), and not under
user control, so there is probably not a security problem here.
A patch, to increase the
9 matches
Mail list logo