Your message dated Mon, 31 Oct 2005 16:02:09 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#319523: fixed in procps 1:3.2.6-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: Theodor Milkov <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: procps: vmstat -p argument stack overflow
X-Mailer: reportbug 3.8
Date: Fri, 22 Jul 2005 22:36:45 +0300
Package: procps
Version: 1:3.2.1-2
Severity: normal
Tags: patch
An attacker could crash this buffer and jump into his arbitrary code [shellcode]
and change the program execution flow. Since vmstat is not installed setuid it's
not critical but still...
For more information see: http://www.danitrous.org/code/PoCs/vmstat_adv.txt
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages procps depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libncurses5 5.4-4 Shared libraries for terminal hand
-- no debconf information
---------------------------------------
From: Craig Small <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#319523: fixed in procps 1:3.2.6-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 31 Oct 2005 16:02:09 -0800
Source: procps
Source-Version: 1:3.2.6-1
We believe that the bug you reported is fixed in the latest version of
procps, which is due to be installed in the Debian FTP archive:
libproc-dev_3.2.6-1_alpha.deb
to pool/main/p/procps/libproc-dev_3.2.6-1_alpha.deb
procps_3.2.6-1.diff.gz
to pool/main/p/procps/procps_3.2.6-1.diff.gz
procps_3.2.6-1.dsc
to pool/main/p/procps/procps_3.2.6-1.dsc
procps_3.2.6-1_alpha.deb
to pool/main/p/procps/procps_3.2.6-1_alpha.deb
procps_3.2.6.orig.tar.gz
to pool/main/p/procps/procps_3.2.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[EMAIL PROTECTED]> (supplier of updated procps package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 31 Oct 2005 18:49:07 +1100
Source: procps
Binary: procps libproc-dev
Architecture: source alpha
Version: 1:3.2.6-1
Distribution: unstable
Urgency: low
Maintainer: Craig Small <[EMAIL PROTECTED]>
Changed-By: Craig Small <[EMAIL PROTECTED]>
Description:
libproc-dev - library for accessing process information from /proc
procps - /proc file system utilities
Closes: 45937 228899 252799 290719 292834 300333 312157 319523 320289 330464 330969 331192 334682 334684 334685
Changes:
procps (1:3.2.6-1) unstable; urgency=low
.
* New upstream source
* ps: man page more detailed Closes: #334682
* spelling fixes Closes: #300333, #334684, #334685
* top: crash on resize fixed -- thanks Michal Maruska Closes: #320289
* vmstat: -p handles /dev/ and does not overflow Closes: #319523, #330969
* CPU states in top man page Closes: #312157, #228899
* w.bassman finally patched into w Closes: #45937
* w uses COLUMNS if ioctl fails, eg with pipe Closes: #252799
* GNU/kFreeBSD Support Closes: #290719
* Variables that are set are specified on init Closes: #330464
* sysctl.conf has netbase examples Closes: #331192
* sysctl.conf example has way to stop console logging Closes: #292834
Files:
b415a78ce6ff7271bb8110fa7382bce6 616 base required procps_3.2.6-1.dsc
7ce39ea27d7b3da0e8ad74dd41d06783 279084 base required procps_3.2.6.orig.tar.gz
8aa39701dda1420d2dcaf486ba5452d4 28261 base required procps_3.2.6-1.diff.gz
b56599909a5a637ecba1d50ae78ac52b 263716 base required procps_3.2.6-1_alpha.deb
b8066118b958f7f3c57e955d9a54d98a 75984 libdevel optional libproc-dev_3.2.6-1_alpha.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDZqwWx2zlrBLK36URAvj6AJ4tnGWK5kz8wcmAMI6/Ip5zpvB/zACfRpMZ
+FMhBZsz8/fvJAIrANeqq/4=
=aAkS
-----END PGP SIGNATURE-----
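The report above describes a stack overflow through the `vmstat -p` argument, and the changelog entry says the fixed version "handles /dev/ and does not overflow". The following is an added example of that kind of bounded argument handling; it is not code from procps or from the reporter, and `PART_NAME_MAX`, `copy_partition_name` and `partition_name_is` are hypothetical names with an assumed buffer size.

```c
#include <stdio.h>
#include <string.h>

#define PART_NAME_MAX 16   /* assumed buffer size, for illustration only */

/*
 * Copy a partition argument into a fixed-size buffer, accepting either
 * "hda1" or "/dev/hda1". Returns 0 on success, -1 if the name is empty
 * or would not fit in dst together with its terminating NUL.
 * The unsafe pattern this replaces is an unchecked strcpy()/sprintf()
 * of a command-line argument into a fixed-size stack buffer.
 */
int copy_partition_name(const char *arg, char *dst, size_t dstsz)
{
    static const char prefix[] = "/dev/";
    size_t len;

    if (arg == NULL || dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';                      /* defined content on failure */

    /* Accept the device-path form by skipping a leading "/dev/". */
    if (strncmp(arg, prefix, sizeof(prefix) - 1) == 0)
        arg += sizeof(prefix) - 1;

    len = strlen(arg);
    if (len == 0 || len >= dstsz)       /* no room for name plus NUL */
        return -1;

    memcpy(dst, arg, len + 1);          /* length was validated above */
    return 0;
}

/* Returns 1 if arg is accepted and normalises to expect, else 0. */
int partition_name_is(const char *arg, const char *expect)
{
    char name[PART_NAME_MAX];
    return copy_partition_name(arg, name, sizeof name) == 0 &&
           strcmp(name, expect) == 0;
}

int main(void)
{
    /* Constructed sample arguments; the last one is oversized. */
    const char *samples[] = { "hda1", "/dev/sda2", "AAAAAAAAAAAAAAAAAAAAAAAA" };
    char name[PART_NAME_MAX];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s -> %s\n", samples[i],
               copy_partition_name(samples[i], name, sizeof name) == 0 ? name : "rejected");
    return 0;
}
```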