On Mon, Oct 10, 2011 at 10:09:27PM +0100, Jonathan Wiltshire wrote: > On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote: > > On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote: > > > > > I have prepared a package in SVN which is ready for upload. Before doing > > > so, Moritz, can you look at this additional patch I found in the 2.4 SVN > > > branch? > > > > > > svn diff -r4780:4781 > > > svn://svn.clusterresources.com/torque/branches/2.4-fixes > > > > > > What do you think, should we add that too? There are no additional CVEs > > > for Torque, apparently so maybe this can't be used as an attack vector? > > > > Whether this is exploitable depends very much on the context and I'm not > > familiar with torque, but we should include the fix to err on the safe side. > > > > > Packages (without this second patch) are in my homedir in people.d.o, and > > > signed. I'm going offline until monday morning, so if you check them out > > > and see everything looks good, feel free to move them to the queue. > > > > I'm leaving from DebConf shortly and won't be having proper internet > > access for a few days. Please upload the packages when you find the > > time, we can then process the DSA. > > As this bug is ageing quite nicely I've taken the liberty of uploading > Jordi's package with the additional patch folded in to security-master. > > The changelog: > > torque (2.4.8+dfsg-9squeeze1) squeeze-security; urgency=low > > [ Jordi Mallach ] > * [CVE_2011_2193]: Fix two potential buffer overflows: > jobid length and hostname length weren't properly checked, > and these both allow segfaults/buffer overflow attacks within > the code. > * Update Vcs-* fields to point to the new squeeze branch. > > [ Jonathan Wiltshire ] > * Non-maintainer upload. > * buffer_overflow_in_checkpoint_c.patch: Fix a potential buffer > overflow problem in mom_checkpoint_recover > > It has had only limited testing because I don't have the resources > available for a thorough test.
There's a new issue, which should be included: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2907 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
