Your message dated Tue, 16 Dec 2014 18:36:45 +0100
with message-id <[email protected]>
and subject line Re: Bug#773305: Buffer overflow
has caused the Debian Bug report #773305,
regarding Buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
773305: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773305
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg
Version: 1.17.22-9
Severity: normal

In src/configure.c, in the 'show_diff' function, a buffer overflow in
the 'cmdbuf' may occur on a long "PAGER" variable.

from show_diff([..]):
> char cmdbuf[1024];
>
>                 sprintf(cmdbuf, DIFF " -Nu %.250s %.250s | %.250s",
>                         str_quote_meta(old), str_quote_meta(new),
>                         command_get_pager());


In command_get_pager(void):
>         pager = getenv("PAGER");


-- 
-- Joshua Rogers <https://internot.info/>

--- End Message ---
--- Begin Message ---
On Wed, 2014-12-17 at 04:17:47 +1100, Joshua Rogers wrote:
> On 17/12/14 04:08, Joshua Rogers wrote:
> > I sent that email a bit too early.
> > I found this using Coverity.

Hmm, dpkg was already in Coverity.

> Ugh, I'm too tired for this. I just realized it obviously cannot
> overflow, since %.250s is used.

Exactly, was gonna just say that. Closing now.

Regards,
Guillem

--- End Message ---
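
The bound the thread settles on can be measured directly. This is an added example, not code from dpkg or from either poster: it measures the report's format string with oversized arguments, with and without the `%.250s` precision, and shows a variant bounded by the destination size. `DIFF` is assumed to expand to "diff", the helper names are hypothetical, and `str_quote_meta()` is not reproduced.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DIFF "diff"   /* assumed value; the page does not show how DIFF is defined */

/* Constructed input: a string of `len` 'A's standing in for an oversized PAGER. */
static char *make_arg(size_t len)
{
    char *s = calloc(len + 1, 1);
    if (s != NULL)
        memset(s, 'A', len);
    return s;
}

/* Bytes (without NUL) the report's format emits; snprintf(NULL, 0) only measures. */
static int bounded_len(size_t len)
{
    char *a = make_arg(len);
    int n = a ? snprintf(NULL, 0, DIFF " -Nu %.250s %.250s | %.250s", a, a, a) : -1;
    free(a);
    return n;
}

/* Same format without the precision: output grows with the input. */
static int unbounded_len(size_t len)
{
    char *a = make_arg(len);
    int n = a ? snprintf(NULL, 0, DIFF " -Nu %s %s | %s", a, a, a) : -1;
    free(a);
    return n;
}

/* Defensive variant: bound by the destination size and report truncation. */
static int build_cmd(char *buf, size_t size, const char *old_path,
                     const char *new_path, const char *pager)
{
    int n = snprintf(buf, size, DIFF " -Nu %.250s %.250s | %.250s",
                     old_path, new_path, pager);
    return (n >= 0 && (size_t)n < size) ? n : -1;
}

int main(void)
{
    char cmdbuf[1024];
    printf("%%.250s: %d, %%s: %d, build_cmd: %d\n", bounded_len(100000),
           unbounded_len(100000), build_cmd(cmdbuf, sizeof(cmdbuf), "a", "b", "less"));
    return 0;
}
```

With the assumed `DIFF`, the worst case for the `%.250s` format is 763 bytes plus the terminating NUL, which fits in the 1024-byte `cmdbuf`.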