Your message dated Tue, 06 Jun 2006 19:49:41 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#352450: fixed in snarf 7.0-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Subject: snarf: crashes when parsing bad PASV response from server
Package: snarf
Version: 7.0-4
Severity: important
Tags: patch

Hello,

I have found a remote crash bug in snarf.

The code that parses PASV responses from FTP servers doesn't handle the case
where there are too few commas in the response very well. It will call
strchr(3) in a way that causes NULL dereferencing, and thus a Segmentation
Fault.

I have attached a patch that corrects this issue, and a test server in Perl,
snarf-crasher.pl, that exhibits the problem. You have to configure inetd to use
snarf-crasher.pl as the FTP server, if you want to test it.

// Ulf Harnhammar

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages snarf depends on:
ii  libc6                         2.3.5-8    GNU C Library: Shared libraries an

snarf recommends no packages.

-- no debconf information




Attachment: snarf-crasher.pl
Description: Binary data

Attachment: snarf.nullderef.patch
Description: Binary data


--- End Message ---
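
The failure mode described in the report above, shown as an added example; this is not snarf's code and not the attached patch. The function name parse_pasv and the sample replies are constructed for illustration, and the parser assumes the RFC 959 reply form with a parenthesised six-field tuple.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (RFC 959).
 * Returns 0 and fills host/port, or -1 on any malformed reply. */
int parse_pasv(const char *reply, char host[16], unsigned *port)
{
    unsigned long f[6];
    const char *p = strchr(reply, '(');
    int i;

    if (p == NULL)
        return -1;                      /* no address tuple at all */
    p++;
    for (i = 0; i < 6; i++) {
        char *end;
        const char *sep;
        if (!isdigit((unsigned char)*p))
            return -1;                  /* empty or non-numeric field */
        f[i] = strtoul(p, &end, 10);
        if (f[i] > 255)
            return -1;                  /* each field is one octet */
        /* strchr() returns NULL when the separator is missing (too few
         * commas); check before the pointer is ever dereferenced. */
        sep = strchr(p, i < 5 ? ',' : ')');
        if (sep == NULL || sep != end)
            return -1;
        p = sep + 1;
    }
    snprintf(host, 16, "%lu.%lu.%lu.%lu", f[0], f[1], f[2], f[3]);
    *port = (unsigned)(f[4] * 256 + f[5]);
    return 0;
}

int main(void)
{
    /* Constructed replies: one well-formed, one with too few commas. */
    const char *samples[] = { "227 Entering Passive Mode (192,168,1,10,19,137)",
                              "227 Entering Passive Mode (192,168,1)" };
    char host[16];
    unsigned port;
    int i;
    for (i = 0; i < 2; i++)
        printf("%-4s %s\n",
               parse_pasv(samples[i], host, &port) == 0 ? "ok" : "bad", samples[i]);
    return 0;
}
```
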
--- Begin Message ---
Source: snarf
Source-Version: 7.0-5

We believe that the bug you reported is fixed in the latest version of
snarf, which is due to be installed in the Debian FTP archive:

snarf_7.0-5.diff.gz
  to pool/main/s/snarf/snarf_7.0-5.diff.gz
snarf_7.0-5.dsc
  to pool/main/s/snarf/snarf_7.0-5.dsc
snarf_7.0-5_i386.deb
  to pool/main/s/snarf/snarf_7.0-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Noah Meyerhans <[EMAIL PROTECTED]> (supplier of updated snarf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  6 Jun 2006 22:32:16 -0400
Source: snarf
Binary: snarf
Architecture: source i386
Version: 7.0-5
Distribution: unstable
Urgency: low
Maintainer: Noah Meyerhans <[EMAIL PROTECTED]>
Changed-By: Noah Meyerhans <[EMAIL PROTECTED]>
Description: 
 snarf      - A command-line URL grabber
Closes: 352450 369037
Changes: 
 snarf (7.0-5) unstable; urgency=low
 .
   * Apply patch from Alan Curry <[EMAIL PROTECTED]> to use a different
     user agent when talking to Google, since they are denying access to
     the standard snarf user agent.  (Closes: Bug#369037)
   * Apply patch from "Ulf Harnhammar" <[EMAIL PROTECTED]> to avoid
     crashing when we get an invalid response to the PASV command from an
     FTP server.  (Closes: Bug#352450)
   * Update policy to version 3.7.2.
   * Update DH_COMPAT to 5.
Files: 
 9fbcdcf004a38e3f61d537fc6c9367de 546 net optional snarf_7.0-5.dsc
 d306ec929b852f5a7b52df4aeeb0813c 3209 net optional snarf_7.0-5.diff.gz
 9f927966a47d9a861618c64ebb908f95 21818 net optional snarf_7.0-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEhjzlYrVLjBFATsMRAnyiAJ9OESgWP2/lYKFqO858KUtqdQ38NACfYFnS
dBqfHibyaKJxNDVPlSKWDGw=
=zKr9
-----END PGP SIGNATURE-----


--- End Message ---
