Your message dated Sat, 28 Jan 2006 14:02:24 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#350274: fixed in git-core 1.1.5-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Jan 2006 14:24:17 +0000
>From [EMAIL PROTECTED] Sat Jan 28 06:24:17 2006
Return-path: <[EMAIL PROTECTED]>
Received: from mail.enyo.de ([212.9.189.167])
by spohr.debian.org with esmtp (Exim 4.50)
id 1F2qzx-0008Fh-0g
for [EMAIL PROTECTED]; Sat, 28 Jan 2006 06:24:17 -0800
Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de)
by mail.enyo.de with esmtp id 1F2qzu-0007kb-VQ
for [EMAIL PROTECTED]; Sat, 28 Jan 2006 15:24:15 +0100
Received: from fw by deneb.enyo.de with local (Exim 4.60)
(envelope-from <[EMAIL PROTECTED]>)
id 1F2qzu-00039G-68
for [EMAIL PROTECTED]; Sat, 28 Jan 2006 15:24:14 +0100
From: Florian Weimer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Buffer overflow in symlink handling
Date: Sat, 28 Jan 2006 15:24:14 +0100
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: git-core
Severity: grave
Tags: security
A buffer overflow bug has been discovered in GIT. Upstream version
1.1.5 fixes it, too.
Author: Junio C Hamano <[EMAIL PROTECTED]> 2006-01-27 23:44:07
Committer: Junio C Hamano <[EMAIL PROTECTED]> 2006-01-27 23:44:07
Parent: e921fb82cf6fb4a5f138ec9d27bc37c658336a8c (git-fetch-pack: really do not
ask for funny refs)
Child: ca182053c7710a286d72102f4576cf32e0dafcfb (GIT 1.0.13)
checkout: do not make a temporary copy of symlink target.
If the index records an insanely long symbolic link, copying
into the temporary would overflow the buffer (noticed by Mark
Wooding).
Because read_sha1_file() terminates the returned buffer with NUL
since late May 2005, there is no reason to copy it anymore.
Signed-off-by: Junio C Hamano <[EMAIL PROTECTED]>
----------------------------------- entry.c -----------------------------------
index 410b758..6c47c3a 100644
@@ -68,11 +68,10 @@ static int write_entry(struct cache_entr
int fd;
void *new;
unsigned long size;
long wrote;
char type[20];
- char target[1024];
new = read_sha1_file(ce->sha1, type, &size);
if (!new || strcmp(type, "blob")) {
if (new)
free(new);
@@ -92,16 +91,14 @@ static int write_entry(struct cache_entr
free(new);
if (wrote != size)
return error("git-checkout-index: unable to write file
%s", path);
break;
case S_IFLNK:
- memcpy(target, new, size);
- target[size] = '\0';
- if (symlink(target, path)) {
+ if (symlink(new, path)) {
free(new);
- return error("git-checkout-index: unable to create
symlink %s (%s)",
- path, strerror(errno));
+ return error("git-checkout-index: unable to create "
+ "symlink %s (%s)", path, strerror(errno));
}
free(new);
break;
default:
free(new);
---------------------------------------
Received: (at 350274-close) by bugs.debian.org; 28 Jan 2006 22:10:27 +0000
>From [EMAIL PROTECTED] Sat Jan 28 14:10:27 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1F2y9I-0002Ru-As; Sat, 28 Jan 2006 14:02:24 -0800
From: Gerrit Pape <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#350274: fixed in git-core 1.1.5-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 28 Jan 2006 14:02:24 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: git-core
Source-Version: 1.1.5-1
We believe that the bug you reported is fixed in the latest version of
git-core, which is due to be installed in the Debian FTP archive:
git-arch_1.1.5-1_all.deb
to pool/main/g/git-core/git-arch_1.1.5-1_all.deb
git-core_1.1.5-1.diff.gz
to pool/main/g/git-core/git-core_1.1.5-1.diff.gz
git-core_1.1.5-1.dsc
to pool/main/g/git-core/git-core_1.1.5-1.dsc
git-core_1.1.5.orig.tar.gz
to pool/main/g/git-core/git-core_1.1.5.orig.tar.gz
git-cvs_1.1.5-1_all.deb
to pool/main/g/git-core/git-cvs_1.1.5-1_all.deb
git-doc_1.1.5-1_all.deb
to pool/main/g/git-core/git-doc_1.1.5-1_all.deb
git-email_1.1.5-1_all.deb
to pool/main/g/git-core/git-email_1.1.5-1_all.deb
git-svn_1.1.5-1_all.deb
to pool/main/g/git-core/git-svn_1.1.5-1_all.deb
gitk_1.1.5-1_all.deb
to pool/main/g/git-core/gitk_1.1.5-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gerrit Pape <[EMAIL PROTECTED]> (supplier of updated git-core package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 28 Jan 2006 20:16:44 +0000
Source: git-core
Binary: git-email git-svn gitk git-core git-arch git-doc git-cvs
Architecture: all source
Version: 1.1.5-1
Distribution: unstable
Urgency: high
Maintainer: Gerrit Pape <[EMAIL PROTECTED]>
Changed-By: Gerrit Pape <[EMAIL PROTECTED]>
Description:
git-arch - content addressable filesystem (arch interoperability)
git-core - content addressable filesystem
git-cvs - content addressable filesystem (cvs interoperability)
git-doc - content addressable filesystem (documentation)
git-email - content addressable filesystem (email add-on)
git-svn - content addressable filesystem (svn interoperability)
gitk - content addressable filesystem (revision tree visualizer)
Closes: 350274
Changes:
git-core (1.1.5-1) unstable; urgency=high
.
* new upstream release.
* checkout: do not make a temporary copy of symlink target.
If the index records an insanely long symbolic link, copying
into the temporary would overflow the buffer (noticed by Mark
Wooding). (closes: #350274).
Files:
7243e31e1dcd2ed259e4d587c4496f73 700 devel optional git-core_1.1.5-1.dsc
202eeac48028c967af287033fd8231f3 572661 devel optional
git-core_1.1.5.orig.tar.gz
620665c7cfacbdb45cd3bc9e4514d5a4 6177 devel optional git-core_1.1.5-1.diff.gz
cbdc012fd145005f3316eac9a49d156f 274740 doc optional git-doc_1.1.5-1_all.deb
52b72d08a6155b185c1fe73a034546a3 18406 devel optional git-arch_1.1.5-1_all.deb
bbd8edb24089c7b5d566b86f114c2575 17648 devel optional git-cvs_1.1.5-1_all.deb
c6c300d6111c1ad418a5d0ae5b2e57b9 14310 devel optional git-svn_1.1.5-1_all.deb
b8510467b7f100a49599091102f7d2b4 9882 devel optional git-email_1.1.5-1_all.deb
2beddb085f342d7de7dd30dc7a17fbf5 34674 devel optional gitk_1.1.5-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD29wGGJoyQbxwpv8RAtexAJ4olen8XhqGHgafAnnOImCckSPJXgCfYfuL
qk28HoQfai6+kqlEilE32kI=
=cMZW
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
