Your message dated Mon, 26 Jan 2009 00:41:15 +0100
with message-id <1232926875.4664.150.ca...@localhost>
and subject line incorrect pointer adjustments on buffer reallocation
has caused the Debian Bug report #245840,
regarding incorrect pointer adjustments on buffer reallocation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
245840: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245840
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python2.3
Version: 2.3.3-1
Severity: normal
The attached testcase demonstrates a bug in, apparently,
/usr/lib/python2.3/lib-dynload/pyexpat.so. Here's the bug in gdb:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 28350)]
0x40566800 in XmlInitUnknownEncodingNS ()
from /usr/lib/python2.3/lib-dynload/pyexpat.so
To try it youself, run "make" in the testcase directory. I apoligise for
the size of this testcase; I would have whitteled it down to something
simpler, but I am not a python programmer. I also apoligise if the bug
is really in some library that python uses; I only went back as far as
pyexpat.so.
Some developers on IRC feel this may be exploitable. Talk with Scott
James Remnant <[email protected]>, who also has some idea of the
encoding problems in the rss file that are causing the crash.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux dragon 2.4.24 #1 Thu Jan 8 15:48:32 EST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages python2.3 depends on:
ii libbz2-1.0 1.0.2-1 A high-quality block-sorting file
ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an
ii libdb4.1 4.1.25-16 Berkeley v4.1 Database Libraries [
ii libncurses5 5.3.20030719-4 Shared libraries for terminal hand
ii libreadline4 4.3-9 GNU readline and history libraries
ii libssl0.9.7 0.9.7c-5 SSL shared libraries
ii python 2.3.3-1 An interactive high-level object-o
ii zlib1g 1:1.2.1-3 compression library - runtime
-- no debconf information
--
see shy jo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Hi,
The problem doesn't seem to apply to Lenny/Sid. I've also talked to
upstream and they believe too, that the problem does not exist in expat
2. I tested the library in Etch and wasn't able to reproduce the
problem. Given the report date and the current results to reproduce the
issue, I'm closing this report. Please feel free to comment this
decision and/or reopen your report.
Regards, Daniel
--- End Message ---
