Hi, I am about to make a new security upload (through my sponsor) for elog: elog_2.5.7+r1558-3 against the testing-proposed-updates archive. The new package fixes a buffer overflow[1] (which has no CVE id). For your convenience, I attached the output from debdiff (2.5.7+r1558-2 to 2.5.7+r1558-3).
I'll also upload a new package against the unstable, which includes the security fix. Let me know if I need/should do anything else. Best regards, [1] http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.647;r2=1.648;f=h -- roktas
diff -u elog-2.5.7+r1558/src/elogd.c elog-2.5.7+r1558/src/elogd.c --- elog-2.5.7+r1558/src/elogd.c +++ elog-2.5.7+r1558/src/elogd.c @@ -942,7 +942,7 @@ int return_buffer_size; int strlen_retbuf; int keep_alive; -char header_buffer[1000]; +char header_buffer[20000]; int return_length; char host_name[256]; char referer[256]; @@ -21218,6 +21218,8 @@ if (p != NULL) { length = strlen(p + 4); header_length = (int) (p - return_buffer); + if (header_length+100 > sizeof(header_buffer)) + header_length = sizeof(header_buffer)-100; memcpy(header_buffer, return_buffer, header_length); sprintf(header_buffer + header_length, "\r\nContent-Length: %d\r\n\r\n", length); send(_sock, header_buffer, strlen(header_buffer), 0); reverted: --- elog-2.5.7+r1558/debian/dirs +++ elog-2.5.7+r1558.orig/debian/dirs @@ -1,2 +0,0 @@ -usr/bin -usr/sbin diff -u elog-2.5.7+r1558/debian/changelog elog-2.5.7+r1558/debian/changelog --- elog-2.5.7+r1558/debian/changelog +++ elog-2.5.7+r1558/debian/changelog @@ -1,3 +1,11 @@ +elog (2.5.7+r1558-3) testing-proposed-updates; urgency=high + + * Security update. Backport the fix (r1.648) for a buffer overflow: + http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.647;r2=1.648 + * Remove redundant debian/dirs file. + + -- Recai OktaÅ? <[EMAIL PROTECTED]> Sun, 29 May 2005 19:23:57 +0300 + elog (2.5.7+r1558-2) testing-proposed-updates; urgency=high * Fix a possible buffer overflow.
signature.asc
Description: Digital signature