Package: staden-io-lib-utils Version: 1.12.4-1 Severity: grave Tags: security Justification: user security hole
index_tar has a buffer overflow vulnerability. A PoC file is attached. $ gdb --args /usr/bin/index_tar foo Program received signal SIGSEGV, Segmentation 0x41414141 in ?? () (gdb) -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-3-686-pae (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages staden-io-lib-utils depends on: ii libc6 2.13-38 ii libstaden-read1 1.12.4-1 staden-io-lib-utils recommends no packages. staden-io-lib-utils suggests no packages. -- no debconf information
foo
Description: Binary data