Your message dated Mon, 17 Jan 2011 01:59:30 +0000
with message-id <[email protected]>
and subject line Bug#609096: fixed in xdigger 1.0.10-13+lenny1
has caused the Debian Bug report #609096,
regarding Buffer overflow in xdigger with long argv[0]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
609096: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609096
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xdigger
Version: 1.0.10-13
Severity: important
Tags: security

There is a buffer overflow in xdigger.

xdigger_1.0.10/xdigger.c
  strcpy(progname, argv[0]);

I confirmed execv* with a long argv[0] crashes xdigger.

Some other cases in the sound module with copying and strcating pargv/argv
might be worth looking at also. I have not investigated further. Nor have I
investigated exploitability.

xdigger is SGID games.

--- End Message ---
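The unbounded copy described in the report above, next to a bounded alternative, as an added example (not code from xdigger or from the Debian buffers patch). The 64-byte `PROGNAME_MAX`, the helper names `copy_bounded` and `append_bounded`, and the `"xdigger"` fallback are assumptions; the report does not give the real buffer size.

```c
#include <stdio.h>
#include <string.h>

#define PROGNAME_MAX 64 /* assumed size; the report does not give the real one */

/* Pattern from the report: strcpy(progname, argv[0]);
 * The caller of execv*() picks argv[0]: untrusted length, may be NULL (argc == 0). */

/* Copy src into dst only if it fits with its terminator. Returns 0 on success;
 * on NULL or oversize input returns -1 and stores fallback (hypothetical helper). */
int copy_bounded(char *dst, size_t dstsz, const char *src, const char *fallback)
{
    size_t n;
    if (dst == NULL || dstsz == 0) return -1;
    if (src != NULL && (n = strlen(src)) < dstsz) {
        memcpy(dst, src, n + 1);
        return 0;
    }
    /* Reject instead of truncating silently; fall back to a fixed name. */
    if (fallback != NULL && (n = strlen(fallback)) < dstsz)
        memcpy(dst, fallback, n + 1);
    else
        dst[0] = '\0';
    return -1;
}

/* Bounded replacement for strcat(): returns 0 on success, -1 if the result
 * would not fit, leaving dst unchanged (hypothetical helper). */
int append_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t used, need;
    if (dst == NULL || src == NULL || dstsz == 0) return -1;
    end = memchr(dst, '\0', dstsz);
    if (end == NULL) return -1; /* dst is not terminated inside its buffer */
    used = (size_t)(end - dst);
    need = strlen(src);
    if (need >= dstsz - used) return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

int main(int argc, char **argv)
{
    char progname[PROGNAME_MAX];
    if (copy_bounded(progname, sizeof progname, argc > 0 ? argv[0] : NULL, "xdigger") != 0)
        fprintf(stderr, "argv[0] missing or too long; using \"%s\"\n", progname);
    printf("progname=%s\n", progname);
    return 0;
}
```

Rejecting an oversize name, rather than truncating it, keeps later path building from operating on a value the program never intended to accept.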
--- Begin Message ---
Source: xdigger
Source-Version: 1.0.10-13+lenny1

We believe that the bug you reported is fixed in the latest version of
xdigger, which is due to be installed in the Debian FTP archive:

xdigger_1.0.10-13+lenny1.diff.gz
  to main/x/xdigger/xdigger_1.0.10-13+lenny1.diff.gz
xdigger_1.0.10-13+lenny1.dsc
  to main/x/xdigger/xdigger_1.0.10-13+lenny1.dsc
xdigger_1.0.10-13+lenny1_amd64.deb
  to main/x/xdigger/xdigger_1.0.10-13+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Pentchev <[email protected]> (supplier of updated xdigger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 Jan 2011 23:18:52 +0200
Source: xdigger
Binary: xdigger
Architecture: amd64 source
Version: 1.0.10-13+lenny1
Distribution: stable
Urgency: low
Maintainer: Debian Games Team <[email protected]>
Changed-By: Peter Pentchev <[email protected]>
Closes: 609096
Description: 
 xdigger    - arcade diamonds digging game for X11
Changes: 
 xdigger (1.0.10-13+lenny1) stable; urgency=low
 .
   * Team upload.
   * Paul Wise made xdigger.desktop a valid file by adding ArcadeGame
     as a category.
   * Add the buffers patch to guard against lots of buffer overflows,
     including the one reported in the BTS.  Closes: #609096
   * Add DEP 3 descriptive headers to the rest of the patches.
   * Use the quilt patch/unpatch targets in a bit more robust way and
     add a README.source file describing the use of quilt.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
