Bug#439927: t1lib security flaw: CVE-2007-4033/#439927
On Thu, 2007-09-27 at 20:12 +0200, Torsten Werner wrote:
> On 9/17/07, Torsten Werner [EMAIL PROTECTED] wrote:
> > On 9/16/07, Artur R. Czechowski [EMAIL PROTECTED] wrote:
> > > The t1lib 5.1.0 available in Debian (either etch as lenny and sid[1]) is vulnerable to CVE-2007-4033 security flaw.
> >
> > I have uploaded a new package to unstable that can be easily backported to etch/lenny. I am attaching the output of debdiff.
>
> Do you plan to update the package through security.debian.org?
>
> Cheers,
> Torsten

Hi Torsten,

I think one should, because php depends on it. It would be nice if any of you could do that at the moment. My laptop kissed me goodbye a few weeks ago together with all my work. I could do it from work, but there I hardly have any time to breathe.

Thanks a lot,
Ionut

--
***
* Ionuţ Georgescu
* Max-Planck-Institut für Physik komplexer Systeme
* Noethnitzer Str. 38, D-01187 Dresden
* Phone: +49 (351) 871-2209
* Fax: +49 (351) 871-1999
Bug#439927: t1lib security flaw: CVE-2007-4033/#439927
On 9/17/07, Torsten Werner [EMAIL PROTECTED] wrote:
> On 9/16/07, Artur R. Czechowski [EMAIL PROTECTED] wrote:
> > The t1lib 5.1.0 available in Debian (either etch as lenny and sid[1]) is vulnerable to CVE-2007-4033 security flaw.
>
> I have uploaded a new package to unstable that can be easily backported to etch/lenny. I am attaching the output of debdiff.

Do you plan to update the package through security.debian.org?

Cheers,
Torsten

--
blog: http://twerner.blogspot.com/
homepage: http://www.twerner42.de/
Bug#439927: t1lib security flaw: CVE-2007-4033/#439927
Hi,

On 9/16/07, Artur R. Czechowski [EMAIL PROTECTED] wrote:
> The t1lib 5.1.0 available in Debian (either etch as lenny and sid[1]) is vulnerable to CVE-2007-4033 security flaw.

I have uploaded a new package to unstable that can be easily backported to etch/lenny. I am attaching the output of debdiff.

Cheers,
Torsten

--
blog: http://twerner.blogspot.com/
homepage: http://www.twerner42.de/

debdiff Description: Binary data
Bug#439927: t1lib security flaw: CVE-2007-4033/#439927
forwarded 439927 [EMAIL PROTECTED]
tag 439927 patch confirmed upstream
severity 439927 serious
found 439927 5.1.0-2
thanks

Hi,

The t1lib 5.1.0 available in Debian (either etch as lenny and sid[1]) is vulnerable to CVE-2007-4033 security flaw. Upstream version 5.1.1 is vulnerable too. Upstream has been informed about the issue. I attached a patch solving the issue.

Best regards
Artur

[1] sarge probably too, I didn't check it.

--
Why should we talk to each other when it is so easy to communicate? /Jean Baudrillard/

--- t1env.c.orig 2007-09-16 19:56:38.319184208 +0200 +++ t1env.c 2007-09-16 20:05:02.057070439 +0200 @@ -611,6 +611,12 @@ #endif strcat( pathbuf, DIRECTORY_SEP); /* And finally the filename: */ +/* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf + let's try next pathbuf */ +if( strlen(pathbuf) + strlen(StrippedName) + 1 sizeof(pathbuf) ) { + i++; + continue; +} strcat( pathbuf, StrippedName); /* Check for existence of the path: */

signature.asc Description: Digital signature
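
Review bot: the added length test protects only the final `strcat( pathbuf, StrippedName);`, while the context line `strcat( pathbuf, DIRECTORY_SEP);` directly above it still appends with no bound, so pathbuf can already be full or overrun before the test runs. Consider performing the size check before the separator is appended and including the separator's length in it, or building the whole path with a bounded call such as snprintf and testing its return value. As the condition appears here there is no comparison operator between `+ 1` and `sizeof(pathbuf)`; presumably a `>` was lost in the archive rendering, which is worth confirming against the attached file. Note also that `sizeof(pathbuf)` yields the buffer size only if pathbuf is an array in scope at this point rather than a pointer, which the hunk does not show. Smaller points: the comment should say NUL rather than NULL, and a short remark on why `i++; continue;` is the correct way to advance to the next candidate would help the next reader.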