Hi,

I uploaded an NMU of your package.

Please see this as help to get the package into a releasable condition again.

Please find the used diff below.


Cheers,
Andi


diff -Nur ../tinymux-2.4.3.31~/debian/changelog 
../tinymux-2.4.3.31/debian/changelog
--- ../tinymux-2.4.3.31~/debian/changelog       2007-06-23 13:49:48.000000000 
+0000
+++ ../tinymux-2.4.3.31/debian/changelog        2007-06-23 13:51:26.000000000 
+0000
@@ -1,3 +1,10 @@
+tinymux (2.4.3.31-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix buffer overflow CVE-2007-1655. Closes: #417539
+
+ -- Andreas Barth <[EMAIL PROTECTED]>  Sat, 23 Jun 2007 13:49:59 +0000
+
 tinymux (2.4.3.31-1) unstable; urgency=low
 
   * New upstream release
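Review bot: The new changelog entry says only "Fix buffer overflow CVE-2007-1655" and does not say where the overflow is or how it is fixed. Since the only code change in this upload is the loop bound in src/funmath.cpp, naming that file and the added limit on the g_aDoubles index in the entry would let someone reading the changelog alone match it to the change.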
diff -Nur ../tinymux-2.4.3.31~/src/funmath.cpp 
../tinymux-2.4.3.31/src/funmath.cpp
--- ../tinymux-2.4.3.31~/src/funmath.cpp        2006-09-12 00:11:01.000000000 
+0000
+++ ../tinymux-2.4.3.31/src/funmath.cpp 2007-06-23 13:52:05.000000000 +0000
@@ -311,7 +311,8 @@
         }
 
         char *cp = trim_space_sep(fargs[0], &sep);
-        while (cp)
+        while (  cp 
+              && n < (LBUF_SIZE+1)/2)
         {
             char *curr = split_token(&cp, &sep);
             g_aDoubles[n++] = mux_atof(curr);
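Review bot: The bound in the new loop condition, `n < (LBUF_SIZE+1)/2`, is a hard-coded expression, and the declaration of g_aDoubles is not in this hunk, so nothing visible here confirms that the limit matches the array's actual capacity. Deriving the limit from the array itself (a named constant shared with the declaration, or an element count computed from it) would keep the check correct if either side changes. Also, when the limit is reached the loop simply stops and the remaining tokens in cp are dropped without any indication; consider whether the function should report an error in that case instead of computing on a truncated list. Minor: the `while (  cp ` line carries trailing whitespace.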
-- 
  http://home.arcor.de/andreas-barth/

