Your message dated Tue, 16 Jan 2007 11:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#406982: fixed in centericq 4.21.0-18
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: centericq
Version: 4.21.0-17
Severity: normal
Tags: patch
Hi,
centericq-4.21.0/libjabber-0.1/xstream.c starting line: 209
209 s = spool_new(xmlnode_pool(x));
210 spooler(s,"<?xml version='1.0'?>",xmlnode2str(x),s);
211 head = spool_print(s);
212 fixr = strstr(head,"/>");
213 *fixr = '>';
214 ++fixr;
215 *fixr = '\0';
This code is highly insecure: if for some reason the stream
doesn't contain "/>", fixr will become NULL, which will be a problem in lines
213-215. Checking if(fixr) would be appropriate.
Kind regards
Nico
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/zsh
Kernel: Linux 2.6.18-3-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages centericq depends on:
ii centeric 4.21.0-17 A text-mode multi-protocol instant
ii libc6 2.3.6.ds1-9 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description library
ii libcurl3 7.15.5-1 Multi-protocol file transfer libra
ii libgcc1 1:4.1.1-21 GCC support library
ii libgnutl 1.4.4-3 the GNU TLS library - runtime libr
ii libgpg-e 1.4-2 library for common error values an
ii libgpgme 1.1.2-2 GPGME - GnuPG Made Easy
ii libidn11 0.6.5-1 GNU libidn library, implementation
ii libjpeg6 6b-13 The Independent JPEG Group's JPEG
ii libkrb53 1.4.4-5 MIT Kerberos runtime libraries
ii libncurs 5.5-5 Shared libraries for terminal hand
ii libssl0. 0.9.8c-4 SSL shared libraries
ii libstdc+ 4.1.1-21 The GNU Standard C++ Library v3
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages centericq recommends:
ii elinks [www-browser] 0.11.1-1.2 advanced text-mode WWW browser
ii firefox 2.0.0.1+dfsg-1 Transition package for iceweasel r
ii iceape-browser [www-brow 1.0.7-2 Iceape Navigator (Internet browser
ii iceweasel [www-browser] 2.0.0.1+dfsg-1 lightweight web browser based on M
ii lynx [www-browser] 2.8.5-2sarge2.2 Text-mode WWW Browser
ii opera-static [www-browse 9.02-20060919.1 The Opera Web Browser
ii sox 12.18.2-2 A universal sound sample translato
ii w3m [www-browser] 0.5.1-5.1 WWW browsable pager with excellent
-- no debconf information
--
Nico Golde - http://www.ngolde.de
JAB: [EMAIL PROTECTED] - GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons,
gimme a keyboard with 103/104/105 keys!
--- End Message ---
--- Begin Message ---
Source: centericq
Source-Version: 4.21.0-18
We believe that the bug you reported is fixed in the latest version of
centericq, which is due to be installed in the Debian FTP archive:
centericq-common_4.21.0-18_i386.deb
to pool/main/c/centericq/centericq-common_4.21.0-18_i386.deb
centericq-fribidi_4.21.0-18_i386.deb
to pool/main/c/centericq/centericq-fribidi_4.21.0-18_i386.deb
centericq-utf8_4.21.0-18_i386.deb
to pool/main/c/centericq/centericq-utf8_4.21.0-18_i386.deb
centericq_4.21.0-18.diff.gz
to pool/main/c/centericq/centericq_4.21.0-18.diff.gz
centericq_4.21.0-18.dsc
to pool/main/c/centericq/centericq_4.21.0-18.dsc
centericq_4.21.0-18_i386.deb
to pool/main/c/centericq/centericq_4.21.0-18_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Lemoine <[EMAIL PROTECTED]> (supplier of updated centericq package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 16 Jan 2007 08:01:03 +0100
Source: centericq
Binary: centericq-common centericq-utf8 centericq-fribidi centericq
Architecture: source i386
Version: 4.21.0-18
Distribution: unstable
Urgency: high
Maintainer: Julien Lemoine <[EMAIL PROTECTED]>
Changed-By: Julien Lemoine <[EMAIL PROTECTED]>
Description:
centericq - A text-mode multi-protocol instant messenger client
centericq-common - A text-mode multi-protocol instant messenger client (data files)
centericq-fribidi - A text-mode multi-protocol instant messenger client (Hebrew)
centericq-utf8 - A text-mode multi-protocol instant messenger client
Closes: 406982
Changes:
centericq (4.21.0-18) unstable; urgency=high
.
* Fixed potential segmentation fault in jabber
(output of strstr was not checked)
Closes: #406982
Files:
f1dd637add8468ae130ac940f76bbb80 835 net optional centericq_4.21.0-18.dsc
d2119fc303c3441b7d60b3f3c63044b3 182241 net optional centericq_4.21.0-18.diff.gz
cdce9ac768cb008807cd13f367535879 346376 net optional centericq-common_4.21.0-18_i386.deb
2bc81b09a68fb301a4f68f4d045baadf 1284236 net optional centericq_4.21.0-18_i386.deb
6c77b7f26d43b4f802241ee737e42eb4 1284198 net optional centericq-utf8_4.21.0-18_i386.deb
cc0cab2255e52145c9ce60ee88fbb1bb 1284736 net optional centericq-fribidi_4.21.0-18_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFrKzFc29c8N2YKnURAix2AJ49jtUcJkXwfx0fSzuhFv6d+Uma2gCeNaGU
4rSqR/zDCL286fNZ35x+zSs=
=b500
-----END PGP SIGNATURE-----
--- End Message ---
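The check requested in the report and recorded in the 4.21.0-18 changelog ("output of strstr was not checked"), as an added example that is not the centericq/libjabber source or the Debian patch. It works on a plain char buffer instead of libjabber's spool; the names open_stream_header and rewrite_sample and the sample headers are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hardened form of the header rewrite quoted in the report: replace the
 * first "/>" with ">" and terminate the string right after it.
 * Returns 0 on success, -1 if head is NULL or holds no "/>", which is the
 * case where the original lines 213-215 wrote through a NULL fixr. */
int open_stream_header(char *head)
{
    char *fixr;

    if (head == NULL)
        return -1;

    fixr = strstr(head, "/>");
    if (fixr == NULL)   /* the if(fixr) check the report asks for */
        return -1;      /* buffer left untouched; caller fails the stream */

    *fixr = '>';
    ++fixr;
    *fixr = '\0';
    return 0;
}

/* Hypothetical helper: apply the rewrite to a writable copy of a sample. */
int rewrite_sample(const char *sample, char *out, size_t outlen)
{
    if (strlen(sample) >= outlen)
        return -1;
    strcpy(out, sample);
    return open_stream_header(out);
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    const char *samples[] = {
        "<?xml version='1.0'?><stream:stream to='example.org'/>",
        "<?xml version='1.0'?><stream:stream>x</stream:stream>",
    };
    char buf[128];

    for (size_t i = 0; i < 2; i++) {
        int rc = rewrite_sample(samples[i], buf, sizeof buf);
        printf("rc=%d  %s\n", rc, buf);
    }
    return 0;
}
```

The second sample has no self-closing tag, so the unchecked version would dereference NULL on it; here the function returns -1 and the caller can drop the stream instead of crashing.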