It appears that my fixes both, which I meant as 2091 for both read()
and readline(), has been misinterpreted as both 2090 and 2091, with
the result that Saikrishna's simgear 2090 patch was not applied; my
flightgear patch for upstream issue 1117 wasn't applied either.
I.e. there should be three
OK. Please ping the bug when they are ready and I'll sync from Debian.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1077624
Title:
FFe: Update Flightgear to version 2.10.0
To manage
The fixed packages in Debian are flightgear 2.10.0-2 and simgear
2.10.0-3, both currently in the build queue.
--
On Sunday, September 08, 2013 17:42:33 you wrote:
> The fixed packages in Debian are flightgear 2.10.0-2 and simgear
> 2.10.0-3, both currently in the build queue.
Both sync'ed. Thanks for working through this and sticking with it.
Scott K
--
** Patch removed: simgear_CVE2012_2091.patch
https://bugs.launchpad.net/ubuntu/+source/simgear/+bug/1077624/+attachment/3806309/+files/simgear_CVE2012_2091.patch
--
Sorry...my previous patch had an off-by-one error. Corrected patch
attached.
** Patch added: simgear_CVE2012_2091.patch
https://bugs.launchpad.net/ubuntu/+source/simgear/+bug/1077624/+attachment/3808144/+files/simgear_CVE2012_2091.patch
--
OK. Uploaded the updated version.
Thanks.
--
This bug was fixed in the package flightgear-data - 2.10.0-1
Sponsored for Thomas Hotz (thotz)
---
flightgear-data (2.10.0-1) experimental; urgency=low
* New upstream release. (Closes: #714260).
* Rename data source and binary packages for clarity - now including
'flightgear'
You are correct. I'm fixing the Ubuntu package and I reopened the bug
in Debian.
--
CVE-2012-2091 attached here.
** Patch added: CVE-2012-2091
https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1077624/+attachment/3805988/+files/cve-2012-2091-check-length-of-buffer.patch
--
I should have mentioned that the patches were to the best of my ability
and might not address all problems.
--
Also a fix for upstream bug 1117 (
http://code.google.com/p/flightgear-bugs/issues/detail?id=1117q=2090colspec=ID%20Type%20Status%20Priority%20Summary%20Aircraft%20Milestone
), another format string security bug.
Note that neither of these fixes has been tested.
** Patch added:
The original report doesn't say so but it looks like
SGSocketUDP::readline is vulnerable as well: the attached fixes both.
(I kept the negative-length check but consider it mostly pointless: if
you can't assume length is the correct length of buf, it's impossible to
prevent an overflow.)
**
Here's an updated patch that sets length to 0 if length is negative.
This should cause nothing to be read from the socket, right?
** Patch added: CVE-2012-2091
Saikrishna, I don't believe that patch is complete:
+++ simgear/simgear/io/sg_socket_udp.cxx2013-08-04 22:21:16.174132010
-0500
@@ -104,8 +104,9 @@
}
int result;
+int size = length SG_IO_MAX_MSG_SIZE ? length : SG_IO_MAX_MSG_SIZE;
-if ( (result = sock.recv(buf,
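Review bot: on the added `int size = ...` line in the `@@ -104,8 +104,9 @@` hunk of sg_socket_udp.cxx, the comparison operator between `length` and `SG_IO_MAX_MSG_SIZE` is missing as shown, so the line cannot be checked as written. If it is meant to select the smaller of the two, a negative `length` is still carried into `size` unchanged, so the non-positive case needs its own check before this line. The hunk is cut off at the `sock.recv(buf,` line, so whether `size` actually replaces `length` in that call is not visible here and should be confirmed against the full patch.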
Rebecca's patches look good to me, too. Thanks!
--
There's another CVE for simgear (6699025 was for the one in flightgear):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669024. There aren't
any patches attached to the bug report, but I made my own patches in an
attempt to address the CVE, which I attached here.
** Bug watch added: Debian Bug
Sorry, stray bracket.
** Patch removed: simgear_CVE2012_2091.patch
https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1077624/+attachment/3806302/+files/simgear_CVE2012_2091.patch
** Patch added: simgear_CVE2012_2091.patch
Did you apply the security patches (Debian bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669025 ), and if not is
there a reason you can't? Both Ubuntu's and Debian's 2.10 source look
unpatched.
** Bug watch added: Debian Bug tracker #669025
Here's an updated patch that sets length to 0 if length is negative
** Patch removed: CVE-2012-2091
https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1077624/+attachment/3805988/+files/cve-2012-2091-check-length-of-buffer.patch
** Patch added: CVE-2012-2091
I've uploaded an update for simgear with them as well. Sent the patch
to Debian. Thanks.
--
Ack. Approved. It's out of New in Debian, so please sync it once it's
available.
** Changed in: flightgear-data (Ubuntu)
Status: Confirmed => Triaged
** Changed in: flightgear-data (Ubuntu)
Importance: Undecided => Wishlist