Hi everyone,

On 26/06/13 19:41, Alexandre Rebert wrote:
> Hi,
>
> We found a crash in dpkg-preconfigure contained in the cdebconf package. You
> are being contacted because you are listed as one of the maintainers of
> cdebconf.
>
> We are planning to submit the bug to the Debian bug tracking system in two
> weeks. We wanted to give you a heads-up, so that you have some time to assess
> the seriousness of the bug before it is publicly disclosed.
>
> The bug report that will be submitted to the bug tracker is available at the
> following url:
>
> http://www.forallsecure.com/bug-reports/0b490c9cde588da20fd322f4f05ead920e705eb8/

I just had a look, and the problem was pretty simple to fix. I was missing a check on $PATH being NULL before calling strdup() on it. I have a fix which I plan to push tonight along with a couple of other patches.

One thing I noticed, however, is that, because some of the programs are only expected to be run as root, they return immediately if getuid() returns non-zero (e.g. dpkg-reconfigure from cdebconf) and do not actually get tested beyond this point. Alexandre, I don't know if this issue showed up already in your experiment.

Regis
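Added example, not part of the original message and not the cdebconf fix: a minimal C sketch of the bug class described above, where getenv("PATH") returns NULL in an environment without PATH and the result is passed to strdup(). The function names, the fallback value and the choice to treat an empty PATH like an unset one are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fallback used when PATH is unset (hypothetical, not cdebconf's). */
#define FALLBACK_PATH "/usr/sbin:/usr/bin:/sbin:/bin"

/* Return a heap copy of $PATH that the caller may modify and must free().
 * getenv() returns NULL when the variable is unset; passing that NULL
 * straight to strdup() is undefined behaviour and typically crashes. */
char *dup_search_path(void)
{
    const char *path = getenv("PATH");

    if (path == NULL || *path == '\0')   /* unset or empty: use the fallback */
        path = FALLBACK_PATH;
    return strdup(path);                 /* can still be NULL on out-of-memory */
}

/* Split the private copy on ':' and count the directories.
 * Returns -1 if the copy could not be allocated. */
int count_path_dirs(void)
{
    char *copy = dup_search_path();
    char *save = NULL;
    int n = 0;

    if (copy == NULL)
        return -1;
    for (char *dir = strtok_r(copy, ":", &save); dir != NULL;
         dir = strtok_r(NULL, ":", &save))
        n++;
    free(copy);
    return n;
}

int main(void)
{
    unsetenv("PATH");                         /* the condition from the message */
    printf("PATH unset: %d dirs\n", count_path_dirs());
    setenv("PATH", "/opt/demo/bin:/bin", 1);  /* constructed sample value */
    printf("PATH set:   %d dirs\n", count_path_dirs());
    return 0;
}
```

The same condition can be reproduced from a shell by starting a program under `env -i`, which gives it an empty environment.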

