[Bug 1243969] Re: buffer overrun through UDP input
Precise is EoL, removing task. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
Precise is EoL, removing task. ** Changed in: flightgear (Ubuntu Precise) Status: New => Won't Fix ** Changed in: simgear (Ubuntu Precise) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
** Changed in: flightgear (Ubuntu) Importance: Undecided => Medium ** Changed in: simgear (Ubuntu) Importance: Undecided => Medium ** Changed in: simgear (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: flightgear (Ubuntu Precise) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
** Also affects: flightgear (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: simgear (Ubuntu Precise) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
I think that's normally handled via "nominate for series" link, but it appears I don't have privileges to do so. Thanks for the confirmation that Quantal and Precise still need fixing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
I should have probably mentioned this needs to be applied to Quantal and Precise as well. I'll need to create new bugs for those, correct? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
Thanks Saikrishna! (Why is it I only notice things like a missing "-" in "CVE 2012-2091" after it's too late to fix them?) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
This bug was fixed in the package simgear - 2.6.0-3ubuntu1.1 --- simgear (2.6.0-3ubuntu1.1) raring-security; urgency=low * SECURITY UPDATE: buffer overrun through UDP input (LP: #1243969) - debian/patches/CVE-2012-2091.patch: ensure that the length of what is being read in is less than the maximum, and ensure that the length of the message or the maximum length is read in. - CVE 2012-2091 -- Saikrishna ArcotTue, 22 Oct 2013 13:14:53 -0400 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
This bug was fixed in the package flightgear - 2.6.0-1ubuntu1 --- flightgear (2.6.0-1ubuntu1) raring-security; urgency=low * SECURITY UPDATE: buffer overrun via the rotor tag in an aircraft XML model (LP: #1243969) - debian/patches/CVE-2012-2091.patch: use snprintf(), and read in only 256 bytes at most. - CVE 2012-2091 - Prepared by Saikrishna Arcot * Add pthread to SIMGEAR_CORE_LIBRARY_DEPENDENCIES to fix FTBFS. - Prepared by Adam Conrad -- Seth ArnoldThu, 24 Oct 2013 18:46:02 -0800 ** Changed in: flightgear (Ubuntu) Status: Confirmed => Fix Released ** Changed in: simgear (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
Saikrishna, no, I've got your fixes merged with Adam's fixes building on my laptop right now, if the end results look good I'll release them later tonight. Thanks, both of you. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
Do I need to update my patch and combine the FTBFS fix? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
http://paste.ubuntu.com/6298101/ The above patch fixes the FTBFS, should be able to be uploaded along with the security update. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
Correction: 2.6.0-3ubuntu1 refers to simgear 2.6.0-3ubuntu1. ** Changed in: flightgear (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
Here is the debdiff of flightgear sources for Raring. Flightgear FTBFS (even without this debdiff), most likely due to the changes in 2.6.0-3ubuntu1. Until those changes are reverted, flightgear will continue to FTBFS. Note that the libs-underlinkage.patch that was added in that change is not present in Quantal, which also uses 2.6.0. ** Patch added: "debdiff of Flightgear Raring" https://bugs.launchpad.net/ubuntu/+source/simgear/+bug/1243969/+attachment/3889235/+files/flightgearSource.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
The attachment "debdiff of Simgear Raring" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
** Also affects: flightgear (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1243969] Re: buffer overrun through UDP input
** Information type changed from Private Security to Public Security ** Changed in: simgear (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1243969 Title: buffer overrun through UDP input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1243969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs