Package: libcdaudio
Severity: grave
Tags: security
Justification: user security hole
Hi Daniel, please see
http://www.openwall.com/lists/oss-security/2008/11/05/1
http://www.openwall.com/lists/oss-security/2008/11/07/1
I'm attaching the dpatch I'm using for stable-security for your
convenience. Please upload to unstable with urgency=high and
pester the RMs.
Cheers,
Moritz
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
#!/bin/sh /usr/share/dpatch/dpatch-run
## 02-cddb-bufferoverflow.dpatch by Moritz Muehlenhoff <[EMAIL PROTECTED]>
##
## DP: CVE-2008-5030
@DPATCH@
diff -aur libcdaudio-0.99.12p2.orig/src/cddb.c libcdaudio-0.99.12p2/src/cddb.c
--- libcdaudio-0.99.12p2.orig/src/cddb.c 2004-09-09 01:26:39.000000000 +0000
+++ libcdaudio-0.99.12p2/src/cddb.c 2008-11-12 21:11:29.000000000 +0000
@@ -1679,7 +1679,7 @@
free(file);
while(!feof(cddb_data)) {
- fgets(inbuffer, 512, cddb_data);
+ fgets(inbuffer, 256, cddb_data);
cddb_process_line(inbuffer, data);
}
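Review bot: the hunk caps the read at 256 bytes on the `+ fgets(inbuffer, 256, cddb_data);` line, but the declaration of `inbuffer` is not in the visible context, so nothing here ties the new limit to the actual array size; `fgets(inbuffer, sizeof(inbuffer), cddb_data)` would make the bound follow the declaration and prevent the same mismatch from recurring if the buffer is ever resized. Separately, the return value of `fgets` is still unchecked: on EOF or a read error it returns NULL and leaves the buffer contents unspecified, yet `cddb_process_line(inbuffer, data);` runs regardless, so a `while (fgets(inbuffer, sizeof(inbuffer), cddb_data) != NULL)` loop would replace the `while(!feof(cddb_data))` test and avoid processing a stale or uninitialized line at end of file.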
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team