Your message dated Tue, 21 Aug 2007 11:02:02 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#430153: fixed in calcurse 1.8-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: calcurse Version: 1.6-1 Severity: normal Tag: sourcescan *** Please type your report below this line *** I found a small bug in the handling of TODO entries. Any item of longer than 99 characters will trigger a buffer overflow and segfault. Demonstration: # create a directory: if [ ! -d ~/.calcurse ]; then mkdir ~/.calcurse; fi # create a long TODO entry: perl -e 'print "x"x9999' > ~/.calcurse/todo The program segfaults in io.c: load_todo(int colr) { ... ... char buf[100], e_todo[100]; .... fgets(buf, MAX_LENGTH, data_file); ... return nb_tod; } Notice that there is declared a buffer 100 bytes long, then we try to read "MAX_LENGTH" bytes into it? One or other of those must be changed. Not hugely urgent, and already fixed in upstream CVS. If #426005 is closed this can be at the same time. Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.18-xen (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages calcurse depends on: ii libc6 2.5-11 GNU C Library: Shared libraries ii libncurses5 5.6-3 Shared libraries for terminal hand calcurse recommends no packages. -- no debconf information Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit
--- End Message ---
--- Begin Message ---Source: calcurse Source-Version: 1.8-1 We believe that the bug you reported is fixed in the latest version of calcurse, which is due to be installed in the Debian FTP archive: calcurse_1.8-1.diff.gz to pool/main/c/calcurse/calcurse_1.8-1.diff.gz calcurse_1.8-1.dsc to pool/main/c/calcurse/calcurse_1.8-1.dsc calcurse_1.8-1_i386.deb to pool/main/c/calcurse/calcurse_1.8-1_i386.deb calcurse_1.8.orig.tar.gz to pool/main/c/calcurse/calcurse_1.8.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bartosz Fenski <[EMAIL PROTECTED]> (supplier of updated calcurse package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 21 Aug 2007 12:39:37 +0200 Source: calcurse Binary: calcurse Architecture: source i386 Version: 1.8-1 Distribution: unstable Urgency: low Maintainer: Bartosz Fenski <[EMAIL PROTECTED]> Changed-By: Bartosz Fenski <[EMAIL PROTECTED]> Description: calcurse - text-based calendar and todo manager Closes: 369227 377547 426005 430153 Changes: calcurse (1.8-1) unstable; urgency=low . * New upstream release. (Closes: #426005) - fixes buffer overflow with too logn TODO. (Closes: #430153) - shows the nearest appointment in status bar. (Closes: #369227) - allows to edit existing appointments. (Closes: #377547) Files: 03bfcfaa678c08c71674489b0f4b619b 591 utils optional calcurse_1.8-1.dsc daa32dfe9ee627db7a4c2be4c281f581 394657 utils optional calcurse_1.8.orig.tar.gz 8fb1b580dc1cf70e4f0e841194f6e7ed 7241 utils optional calcurse_1.8-1.diff.gz a241910a9515bfd2a10e65937e595b7c 170774 utils optional calcurse_1.8-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGysN/hQui3hP+/EARAo0IAJ9R7iD+BHHDtx+vA/vPzkOj2c7QAQCgs0AG KOzE3u+rzbanMQ13vXtJ+EQ= =6JHH -----END PGP SIGNATURE-----
--- End Message ---
