tags 625302 + patch
tags 625302 + pending
thanks

Dear maintainer,

I've prepared an NMU for dtach (versioned as 0.8-2.1) and uploaded it to DELAYED/02. Please feel free to tell me if I should delay it longer.

Cheers

Luk

diff -u dtach-0.8/debian/changelog dtach-0.8/debian/changelog --- dtach-0.8/debian/changelog +++ dtach-0.8/debian/changelog @@ -1,3 +1,10 @@ +dtach (0.8-2.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2012-3368: properly handle close request (Closes: #625302). + + -- Luk Claes <l...@debian.org> Mon, 02 Jul 2012 01:53:44 +0200 + dtach (0.8-2) unstable; urgency=low * Updated to Policy version 3.8.1 only in patch2: unchanged: --- dtach-0.8.orig/attach.c +++ dtach-0.8/attach.c @@ -237,12 +237,16 @@ /* stdin activity */ if (n > 0 && FD_ISSET(0, &readfds)) { + ssize_t l; + pkt.type = MSG_PUSH; memset(pkt.u.buf, 0, sizeof(pkt.u.buf)); - pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf)); + l = read(0, pkt.u.buf, sizeof(pkt.u.buf)); - if (pkt.len <= 0) + if (l <= 0) exit(1); + + pkt.len = l; process_kbd(s, &pkt); n--; }
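
Review bot: in the attach.c hunk, the new local "ssize_t l" and the later "pkt.len = l;" carry no comment explaining why the result of read() can no longer be tested in pkt.len directly. The change only makes sense if pkt.len cannot represent a negative return value, and the declaration of pkt.len is not part of this hunk, so a one-line comment above "l = read(0, pkt.u.buf, sizeof(pkt.u.buf));" stating that the signed local exists so that an error return from read() is actually seen by "if (l <= 0)" would stop a later cleanup from folding the two back together. The assignment "pkt.len = l;" also narrows silently: l is bounded by sizeof(pkt.u.buf), so it is safe only as long as the type of pkt.len can hold that value, which is worth stating next to the assignment or enforcing with a compile-time check. Separately, "if (l <= 0) exit(1);" treats every negative return the same way, including a read() interrupted by a signal (EINTR); if that is intended it should be said, otherwise the interrupted case should retry instead of exiting.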