*** This bug is a duplicate of bug 1722528 ***
https://bugs.launchpad.net/bugs/1722528
** This bug has been marked a duplicate of bug 1722528
find buffer-overflow with -printf '%T+'
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
** Changed in: findutils (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to findutils in Ubuntu.
https://bugs.launchpad.net/bugs/1730696
Title:
*** buffer overflow detected ***:
** Also affects: findutils (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873032
Importance: Unknown
Status: Unknown
--
I can confirm the bug:
There is a blatant stack overflow in the Ubuntu 17.10 sources
(findutils-4.6.0+git+20170729):
file "find/print.c", function "static char* format_date", line 614 and following:
    char fmt[6];
    /* a few lines later */
    strcpy(fmt, "%Y-%m-%d+%T");
That is, the string is longer than 5.
I just checked the GNU git sources
(https://git.savannah.gnu.org/git/findutils.git);
the bug was fixed upstream:
commit febde26dd0e66dda5d4060fa29b85443ddc6a865
Author: Bernhard Voelker
Date: Mon Aug 28 23:15:12 2017 +0200
find: avoid buffer-overflow with -printf
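The overflow described in the message above, shown as an added example (not the findutils source and not the upstream patch): the buffer is sized from the longest format literal and the copy is length-checked, so the 6-byte case is rejected instead of overrunning. The names build_date_fmt, format_date_checked and PLUS_FMT are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* The format string quoted in the report: 11 characters plus the NUL. */
#define PLUS_FMT "%Y-%m-%d+%T"

/* Hypothetical helper: write the strftime format for directive `kind`
   into dst. Returns 0 on success, -1 if dst is too small. */
static int build_date_fmt(char *dst, size_t dstsz, int kind)
{
    int n;
    if (kind == '+')
        n = snprintf(dst, dstsz, "%s", PLUS_FMT);
    else
        n = snprintf(dst, dstsz, "%%%c", kind);
    /* snprintf returns the length it needed; >= dstsz means truncation. */
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Format `t` (UTC) for directive `kind` into out.
   Returns the number of bytes written, or 0 on failure. */
static size_t format_date_checked(char *out, size_t outsz, time_t t, int kind)
{
    char fmt[sizeof PLUS_FMT];   /* sized from the longest literal, not a constant */
    struct tm *tm;
    if (build_date_fmt(fmt, sizeof fmt, kind) != 0)
        return 0;
    tm = gmtime(&t);
    if (tm == NULL)
        return 0;
    return strftime(out, outsz, fmt, tm);
}

int main(void)
{
    char small[6], out[64];
    /* The 6-byte buffer from the report cannot hold the 12-byte string. */
    printf("6-byte buffer: %d\n", build_date_fmt(small, sizeof small, '+'));
    if (format_date_checked(out, sizeof out, (time_t)0, '+'))
        printf("%s\n", out);
    return 0;
}
```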
Correcting package. /usr/bin/find belongs to the findutils package.
** Package changed: coreutils (Ubuntu) => findutils (Ubuntu)
--
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: coreutils (Ubuntu)
Status: New => Confirmed