Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu

Dear RMs,

Please accept this stable upload for

#625302 CVE-2012-3368 random text sent on window close

The patch is the same as in 0.8-2.1:

[2012-07-07] dtach 0.8-2.1 MIGRATED to testing (Britney)

Thanks,

Stefan

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-xen-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -u dtach-0.8/debian/changelog dtach-0.8/debian/changelog --- dtach-0.8/debian/changelog +++ dtach-0.8/debian/changelog @@ -1,3 +1,9 @@ +dtach (0.8-2+squeeze1) stable; urgency=low + + * Fix CVE-2012-3368: properly handle close request (Closes: #625302). + + -- Stefan Völkel <ste...@bc-bd.org> Thu, 07 Feb 2013 17:04:48 +0100 + dtach (0.8-2) unstable; urgency=low * Updated to Policy version 3.8.1 only in patch2: unchanged: --- dtach-0.8.orig/attach.c +++ dtach-0.8/attach.c @@ -237,12 +237,16 @@ /* stdin activity */ if (n > 0 && FD_ISSET(0, &readfds)) { + ssize_t l; + pkt.type = MSG_PUSH; memset(pkt.u.buf, 0, sizeof(pkt.u.buf)); - pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf)); + l = read(0, pkt.u.buf, sizeof(pkt.u.buf)); - if (pkt.len <= 0) + if (l <= 0) exit(1); + + pkt.len = l; process_kbd(s, &pkt); n--; }
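
Review bot: the changelog entry in the debian/changelog hunk says only "properly handle close request" and does not name the change. Suggest stating that the return value of read() on stdin in attach.c is now checked before it is stored in pkt.len, so the entry can be matched to the attach.c hunk without opening the diff. It would also help to record there that this is the patch already shipped in 0.8-2.1, as the request text says.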
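
Review bot: the narrowing assignment "pkt.len = l;" in the attach.c hunk has no stated bound, and nothing explains why the temporary exists. The fix depends on testing read()'s return value as an ssize_t before it reaches pkt.len, and on l never exceeding sizeof(pkt.u.buf); a one-line comment above "ssize_t l;" saying so would keep a later cleanup from folding the read back into pkt.len and reintroducing the bug. The "if (l <= 0) exit(1);" path also still treats end-of-file (0) and a read error (-1) the same way; if that is intended, the comment should say so.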