Package: xboard Version: 4.2.7-2 Severity: normal Long -icshost prameters can crash xboard:
[EMAIL PROTECTED]:~/tmp>xboard -ics -icshost $(perl -e 'print "a" x 1000') zsh: segmentation fault xboard -ics -icshost $(perl -e 'print "a" x 1000') This bug is tracked as a security hole in CVE-2004-2552 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2552), but I'm not tagging the bug as a security hole since there is no known attack vector as xboard is not suid and is not normally called by programs with a different set of permissions. So I filed this bug just for completness; there's no reason not to fix the buffer overflow anyway. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages xboard depends on: ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an ii libice6 6.8.2.dfsg.1-11 Inter-Client Exchange library ii libsm6 6.8.2.dfsg.1-11 X Window System Session Management ii libx11-6 6.8.2.dfsg.1-11 X Window System protocol client li ii libxext6 6.8.2.dfsg.1-11 X Window System miscellaneous exte ii libxmu6 6.8.2.dfsg.1-11 X Window System miscellaneous util ii libxpm4 6.8.2.dfsg.1-11 X pixmap library ii libxt6 6.8.2.dfsg.1-11 X Toolkit Intrinsics ii xaw3dg 1.5+E-9 Xaw3d widget set ii xlibs 6.8.2.dfsg.1-11 X Window System client libraries m Versions of packages xboard recommends: ii xfonts-100dpi 6.8.2.dfsg.1-11 100 dpi fonts for X ii xfonts-75dpi 6.8.2.dfsg.1-11 75 dpi fonts for X -- no debconf information -- see shy jo
signature.asc
Description: Digital signature
