Your message dated Sat, 21 Oct 2017 21:13:14 +0000 with message-id <[email protected]> and subject line Bug#878512: fixed in pax 1:20171021-1 has caused the Debian Bug report #878512, regarding pax: out-of-bounds read in rd_wrbuf() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 878512: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878512 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: pax Version: 1:20161104-2 pax crashes on some malformed tar archives: $ printf '%0125d606%023d57614%0356d' | pax > /dev/null Segmentation fault Valgrind says it's an out-of-bounds read: Invalid read of size 4 at 0x4832F70: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) by 0x10EA47: memcpy (string3.h:53) by 0x10EA47: rd_wrbuf (buf_subs.c:560) by 0x10C9D1: next_head (ar_subs.c:1057) by 0x10D15E: list (ar_subs.c:104) by 0x109DD6: main (pax.c:296) Address 0x8612ba58 is not stack'd, malloc'd or (recently) free'd Found using American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/ -- System Information: Architecture: i386 Versions of packages pax depends on: ii libc6 2.24-17 -- Jakub Wilk
--- End Message ---
--- Begin Message ---Source: pax Source-Version: 1:20171021-1 We believe that the bug you reported is fixed in the latest version of pax, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Glaser <[email protected]> (supplier of updated pax package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Format: 1.8 Date: Sat, 21 Oct 2017 21:55:55 +0200 Source: pax Binary: pax Architecture: source i386 Version: 1:20171021-1 Distribution: unstable Urgency: medium Maintainer: Thorsten Glaser <[email protected]> Changed-By: Thorsten Glaser <[email protected]> Description: pax - Portable Archive Interchange (cpio, pax, tar) Closes: 878512 878642 878645 Changes: pax (1:20171021-1) unstable; urgency=medium . * New upstream release - (Closes: #878512) (Closes: #878642) (Closes: #878645) - fixes some error messages - let lzip have .lz and .tlz extensions (thanks Antonio) - exit nonzero if the compression subprocess fails * Bump Policy (no changes) Checksums-Sha1: 80034774da7ea438a8c6dd683af9f7bd59f87f7a 1865 pax_20171021-1.dsc cd050e986fe3476665c716b515133c68cd0d39aa 111820 pax_20171021.orig.tar.xz c8ea324a5f3b43736b434be71a8823421c68c104 7048 pax_20171021-1.debian.tar.xz 1d12b27f33e464d18b3fc5ea09a1dc23291605c0 109172 pax-dbgsym_20171021-1_i386.deb 32da34364e15c151c1ad0c74f4242b7185b616e3 4566 pax_20171021-1_i386.buildinfo 0be507f29d7ba77a092ee9425cc916e14825e569 87416 pax_20171021-1_i386.deb Checksums-Sha256: 87658704f29c3271588d0b29716e6cc05853df6193cd02b67098b87fea62844a 1865 pax_20171021-1.dsc a2dd6b873f679c992ccbe3460db0bce990663cdba0fffa4fcfdee0998f91b3e7 111820 pax_20171021.orig.tar.xz ed5e10e8c0d11c96688a7237081dc86bb05488b62851a84074d8774e4ebdebf9 7048 pax_20171021-1.debian.tar.xz 74ea1b297b002c8765cf2b606924f0e3f8e552a55d1b146177d2a966612ab801 109172 pax-dbgsym_20171021-1_i386.deb 68649aff4a04484a6f5c061f8057c98771e7945fe450cb57fdb42ba5d389f7ee 4566 pax_20171021-1_i386.buildinfo 495e882ea38aad1d8d6e023dc2798f159313cd4c02f3158b1adcb5d2eb32cc59 87416 pax_20171021-1_i386.deb Files: 9a50afa65d76c7660c0ba903a9a65c40 1865 utils optional pax_20171021-1.dsc bf223dcf1a59ca314cb813fddb921d45 111820 utils optional pax_20171021.orig.tar.xz fcb438bb939cc81c11fe922136457e55 7048 utils optional pax_20171021-1.debian.tar.xz e3ef021b4cf71acb90da01714f435238 109172 debug optional pax-dbgsym_20171021-1_i386.deb d1ac7b619d876244746e402477cb0823 4566 utils optional pax_20171021-1_i386.buildinfo ffc662c7fb0bfb0d890d290fefd7df9e 87416 utils optional pax_20171021-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (MirBSD) Comment: ☃ ЦΤℱ—8 ☕☂☄ iQIcBAEBCQAGBQJZ66elAAoJEHa1NLLpkAfg10gP/264yvkwp724Q48YCqSuFJZg 2VfksUWL5SzF0wDwp2yxzUWBRWwiTk8FOwDu6hB6yiwqIpVA/SncnKsG8+7I18RD tVz1aR3AYSWUF/0UYBcgjfLj3CJQ9xkHN0hOEbGlYyu0pA7LlE0eUJC7/qVZNDbI Ckz3Zje7/Il3mx8Y5Gt3K1RRmCFx/epYlPbrzR/fSYs539LNvD/+4tHO6yZh1lkb jZGIGB+KopzBF79zA0JePg1rYp7KYfPoitPflkvsgeUcW06G1eMKHDn7s42PgpxH ZgE8ER7bFqZmutfiFHMgmF4V9Tf0PoU2jmlE75DdGcowxKfQPbrFi+LcgdoCAH4J zZdBcR7VIjeRPGTQZ2yBJdfvREf73W8CGnQqM7Ld+WY4ZO62lKXbeeSFA+El9GFH yxdAliDjPlhrXNAeIuV3RUMy6tSefhCa/W7m6aph4tgpO2FAq6e/DLZkVlx7Qig4 PS8L1LWfDn8x0iBpHkI6jw2je2f/yFyIzYPLlxsYQg9VNUGywDJ0BR2l+Kl6gJ1w luCqcSQq93vrjQpxCi+7wQKrP3hT1AIe3qn45mBCTKtFNKaqyl28kTwM7dlVx31Z F/ibbZClPs1juSOf0MF3MIWnyPbuIIsH7mQ89kbkV6+9awaOdGqe1rae6itVKoBv sdNh5aFhnyykE+gcDWVb =bo9V -----END PGP SIGNATURE-----
--- End Message ---
