Your message dated Sun, 15 Jan 2006 14:19:46 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#311251: fixed in pscan 1.2-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: Romain Francoise <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: pscan: Fails to catch simple format string vulnerability
Organization: The Debian Project
Mail-Copies-To: nobody
Date: Mon, 30 May 2005 10:06:48 +0200
Package: pscan
Version: 1.2-4
Severity: normal
pscan fails to catch an obvious format string vulnerability in the
following example program:
pacem:/tmp$ cat foo.c
#include <stdio.h>
int main(int argc, char **argv)
{
    char b[128];
    snprintf(b, sizeof(b), argv[1]);
    return 0;
}
pacem:/tmp$ pscan -vv foo.c
Scanning foo.c ...
pacem:/tmp$ echo $?
0
pacem:/tmp$ gcc -Wall -o foo foo.c
pacem:/tmp$ ./foo bar
pacem:/tmp$ ./foo %n
Segmentation fault (core dumped)
pacem:/tmp$
--
,''`.
: :' : Romain Francoise <[EMAIL PROTECTED]>
`. `' http://people.debian.org/~rfrancoise/
`-
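
The kind of check this report asks for, as an added example (not pscan's code and not part of the original message): a line-based scan that knows the format string is the third argument of snprintf and flags the call when that argument is not a string literal. The function table and the names `nth_arg` and `flags_line` are assumptions made for this illustration; it does not handle calls split across lines or call-like text inside string literals.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed table: function name and zero-based index of its format argument. */
static const struct { const char *name; int fmt_idx; } FUNCS[] = {
    {"snprintf", 2}, {"fprintf", 1}, {"sprintf", 1}, {"syslog", 1}, {"printf", 0},
};

/* Start of top-level argument `idx` of the call whose '(' is at `open`, or NULL if absent. */
static const char *nth_arg(const char *open, int idx)
{
    int depth = 0, in_str = 0;
    const char *p = open + 1;
    for (; *p && idx > 0; p++) {
        if (in_str) {                       /* commas inside literals do not split args */
            if (*p == '\\' && p[1]) p++;
            else if (*p == '"') in_str = 0;
        } else if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;        /* nested call such as sizeof(b) */
        else if (*p == ')') { if (depth-- == 0) return NULL; }
        else if (*p == ',' && depth == 0) idx--;
    }
    while (isspace((unsigned char)*p)) p++;
    return (*p && *p != ')') ? p : NULL;
}

/* Return 1 if `line` calls a listed function with a non-literal format argument. */
int flags_line(const char *line)
{
    for (size_t i = 0; i < sizeof FUNCS / sizeof FUNCS[0]; i++) {
        size_t n = strlen(FUNCS[i].name);
        for (const char *p = line; (p = strstr(p, FUNCS[i].name)); p += n) {
            /* Skip matches inside longer identifiers ("printf" within "snprintf"). */
            if (p > line && (isalnum((unsigned char)p[-1]) || p[-1] == '_')) continue;
            const char *q = p + n;
            while (isspace((unsigned char)*q)) q++;
            if (*q != '(') continue;
            const char *arg = nth_arg(q, FUNCS[i].fmt_idx);
            if (arg && *arg != '"') return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* The call from foo.c above, then the same call with a literal format. */
    printf("%d\n", flags_line("snprintf(b, sizeof(b), argv[1]);"));
    printf("%d\n", flags_line("snprintf(b, sizeof(b), \"%s\", argv[1]);"));
    return 0;
}
```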
---------------------------------------
From: Steve Kemp <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#311251: fixed in pscan 1.2-5
Date: Sun, 15 Jan 2006 14:19:46 -0800
Source: pscan
Source-Version: 1.2-5
We believe that the bug you reported is fixed in the latest version of
pscan, which is due to be installed in the Debian FTP archive:
pscan_1.2-5.diff.gz
  to pool/main/p/pscan/pscan_1.2-5.diff.gz
pscan_1.2-5.dsc
  to pool/main/p/pscan/pscan_1.2-5.dsc
pscan_1.2-5_i386.deb
  to pool/main/p/pscan/pscan_1.2-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Kemp <[EMAIL PROTECTED]> (supplier of updated pscan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 15 Jan 2006 20:00:59 +0000
Source: pscan
Binary: pscan
Architecture: source i386
Version: 1.2-5
Distribution: unstable
Urgency: low
Maintainer: Steve Kemp <[EMAIL PROTECTED]>
Changed-By: Steve Kemp <[EMAIL PROTECTED]>
Description:
pscan - Format string security checker for C files.
Closes: 311251
Changes:
 pscan (1.2-5) unstable; urgency=low
 .
   * Applied another great patch from cmorgan:
     - Avoid using the reserved words from C.
       (Closes: #311251)
   * Updated standards version to 3.6.2.
   * Updated debhelper compatibility to version 4.
Files:
1147705d7c386e774433d37bf85e589a 546 misc optional pscan_1.2-5.dsc
412ac0285e341f66c33b24ebfadda492 5053 misc optional pscan_1.2-5.diff.gz
d1996f06b73cbf7de5ae052b4f2daf81 15200 misc optional pscan_1.2-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDyrsMwM/Gs81MDZ0RAqR0AKDYrXP36Uq7/96bURL6XZQ2Qk5ZQgCgo35k
fKYwrsWqow1HKgHBRzfxU7Q=
=ZIOU
-----END PGP SIGNATURE-----