Bug#679966: Possible security issues and a temporary fix

2012-07-11 Thread Zoltan Hidvegi
More info: this is not an upstream issue, it's caused by the
handle-removed-working-dir.patch which is an attempt to fix
#667038. Besides chopping off the last path component of any cd
../name command, it also does sfprintf(shp->strbuf,oldpwd) which is a
problem if oldpwd contains printf formatting escapes, which probably
could be exploited. Workaround is to remove
handle-removed-working-dir.patch which would then reopen #667038.

 -Zoltan
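
The format-string pattern described in the message above, next to the corrected call, as an added example that is not code from this thread or from the ksh patch. `buf_printf` is a hypothetical stand-in for sfio's `sfprintf`, and the directory names are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for sfio's sfprintf(): formats into a fixed buffer. */
static int buf_printf(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Pattern from the report: the directory name itself is the format string. */
static int store_pwd_as_format(char *buf, size_t n, const char *oldpwd)
{
    return buf_printf(buf, n, oldpwd);
}

/* Corrected pattern: constant format, directory name passed as data. */
static int store_pwd_as_data(char *buf, size_t n, const char *oldpwd)
{
    return buf_printf(buf, n, "%s", oldpwd);
}

/* Returns 1 when both calls store the same bytes, 0 when they differ. */
static int same_result(const char *oldpwd)
{
    char a[256], b[256];
    store_pwd_as_format(a, sizeof a, oldpwd);
    store_pwd_as_data(b, sizeof b, oldpwd);
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed names; "%%" is the only conversion used, so the
       format-string call stays well defined without extra arguments. */
    const char *plain = "/home/user/src";
    const char *odd = "/tmp/100%%done";
    printf("%s -> %s\n", plain, same_result(plain) ? "same" : "differs");
    printf("%s -> %s\n", odd, same_result(odd) ? "same" : "differs");
    return 0;
}
```

Compilers flag the first pattern with `-Wformat-security` only when the function carries a printf format attribute, so wrappers like this one need the attribute to be covered by that check.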






Bug#679966: Possible security issues and a temporary fix

2012-07-11 Thread Oliver Kiddle
Zoltan Hidvegi wrote:
> More info: this is not an upstream issue, it's caused by the
> handle-removed-working-dir.patch which is an attempt to fix
> #667038. Besides chopping off the last path component of any cd
> ../name command, it also does sfprintf(shp->strbuf,oldpwd) which is a
> problem if oldpwd contains printf formatting escapes, which probably
> could be exploited. Workaround is to remove
> handle-removed-working-dir.patch which would then reopen #667038.

The patch was received from upstream. There's just been a new upstream
release which resolves both issues. So either the patch I got from
upstream relied on other changes since the release or the second issue
was found and fixed later.

Anyway, I've prepared a package of the new release and depending on how
busy my sponsor is it'll hopefully be uploaded before long.

Oliver


