Bug#684243: poppler code embedded in luatex and possibly may be out of date and vulnerable

2012-08-08 Thread Silvio Cesare
, Hilmar Preusse hill...@web.de wrote: On 08.08.12 Silvio Cesare (silvio.ces...@gmail.com) wrote: Hi Silvio, Package: luatex Severity: important Tags: security I have been working on a tool called Clonewise to automatically identify embedded code copies in Debian packages and determine

Bug#684239: curl code embedded in likewise-open and possibly may be out of date and vulnerable

2012-08-08 Thread Silvio Cesare
Apologies. I think you are right. -- Silvio On Wed, Aug 8, 2012 at 6:41 PM, Gergely Nagy alger...@balabit.hu wrote: Silvio Cesare silvio.ces...@gmail.com writes: Package: likewise-open I can't find such a package in Debian, nor do I see any removal logs for it. Are you sure it isn't from

Bug#684229: feedparser code embedded in calibre and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
on whether these issues are real will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### feedparser CLONED_IN_SOURCE calibre unfixed CVE-2011-1156 feedparser CLONED_IN_SOURCE calibre unfixed CVE-2011-1157 feedparser CLONED_IN_SOURCE calibre unfixed CVE

Bug#684230: maildrop code embedded in courier and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
on whether these issues are real will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### maildrop CLONED_IN_SOURCE courier unfixed CVE-2010-0301 ### Reports by package: ### # Package courier may be vulnerable to the following issues: # CVE-2010

Bug#684232: feedparser code embedded in freevo and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
on whether these issues are real will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### feedparser CLONED_IN_SOURCE freevo unfixed CVE-2011-1156 feedparser CLONED_IN_SOURCE freevo unfixed CVE-2011-1157 feedparser CLONED_IN_SOURCE freevo unfixed CVE-2011

Bug#684233: tiff code embedded in gdal and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
these issues are real will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### tiff CLONED_IN_SOURCE gdal unfixed CVE-2010-2443 tiff CLONED_IN_SOURCE gdal unfixed CVE-2010-2596 tiff CLONED_IN_SOURCE gdal unfixed CVE-2010-2597 tiff CLONED_IN_SOURCE gdal

Bug#684238: tiff code embedded in libtk-img and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### tiff CLONED_IN_SOURCE libtk-img unfixed CVE-2010-2597 tiff CLONED_IN_SOURCE libtk-img unfixed CVE-2010-4665 tiff CLONED_IN_SOURCE libtk-img unfixed CVE-2011-1167 ### Reports by package

Bug#684239: curl code embedded in likewise-open and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
are real will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### curl CLONED_IN_SOURCE likewise-open unfixed CVE-2011-2192 ### Reports by package: ### # Package likewise-open may be vulnerable to the following issues: # CVE-2011-2192 # SUMMARY

Bug#684243: poppler code embedded in luatex and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### poppler CLONED_IN_SOURCE luatex unfixed CVE-2010-3703 ### Reports by package: ### # Package luatex may be vulnerable to the following issues: # CVE-2010-3703 # SUMMARY: The PostScriptFunction

Bug#684244: tiff code embedded in opencv and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### tiff CLONED_IN_SOURCE opencv unfixed CVE-2010-2597 tiff CLONED_IN_SOURCE opencv unfixed CVE-2011-1167 ### Reports by package: ### # Package opencv may be vulnerable to the following issues: # CVE

Bug#684246: feedparser code embedded in planet-venus and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### feedparser CLONED_IN_SOURCE planet-venus unfixed CVE-2011-1156 feedparser CLONED_IN_SOURCE planet-venus unfixed CVE-2011-1157 feedparser CLONED_IN_SOURCE planet-venus unfixed CVE-2011-1158

Bug#684247: tiff code embedded in povray and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### tiff CLONED_IN_SOURCE povray unfixed CVE-2010-2597 tiff CLONED_IN_SOURCE povray unfixed CVE-2011-1167 ### Reports by package: ### # Package povray may be vulnerable to the following issues: # CVE

Bug#684250: feedparser code embedded in python-django-djblets and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
these issues are real will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### feedparser CLONED_IN_SOURCE python-django-djblets unfixed CVE-2011-1156 feedparser CLONED_IN_SOURCE python-django-djblets unfixed CVE-2011-1157 feedparser CLONED_IN_SOURCE

Bug#684251: webkit code embedded in qt4-11 and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### webkit CLONED_IN_SOURCE qt4-x11 unfixed CVE-2010-1386 webkit CLONED_IN_SOURCE qt4-x11 unfixed CVE-2010-1760 webkit CLONED_IN_SOURCE qt4-x11 unfixed CVE-2010-1766 ### Reports by package: ### # Package

Bug#684252: feedparser code embedded in rawdog and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### feedparser CLONED_IN_SOURCE rawdog unfixed CVE-2011-1156 feedparser CLONED_IN_SOURCE rawdog unfixed CVE-2011-1157 feedparser CLONED_IN_SOURCE rawdog unfixed CVE-2011-1158 ### Reports by package

Bug#684253: libpng code embedded in syslinux and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
will help me improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### libpng CLONED_IN_SOURCE syslinux unfixed CVE-2010-0205 libpng CLONED_IN_SOURCE syslinux unfixed CVE-2010-1205 libpng CLONED_IN_SOURCE syslinux unfixed CVE-2010-2249 libpng CLONED_IN_SOURCE syslinux

Bug#684254: tiff code embedded in vtk and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### tiff CLONED_IN_SOURCE vtk unfixed CVE-2010-2597 tiff CLONED_IN_SOURCE vtk unfixed CVE-2011-1167 ### Reports by package: ### # Package vtk may be vulnerable to the following issues: # CVE-2010-2597

Bug#684255: freetype code embedded in vnc4 and possibly may be out of date and vulnerable

2012-08-07 Thread Silvio Cesare
improve the analysis for the future. -- Silvio Cesare Deakin University ### Summary: ### freetype CLONED_IN_SOURCE vnc4 unfixed CVE-2010-2805 freetype CLONED_IN_SOURCE vnc4 unfixed CVE-2010-2806 freetype CLONED_IN_SOURCE vnc4 unfixed CVE-2010-3311 ### Reports by package: ### # Package vnc4 may

Bug#609177: [imagemagick] Moreinfo

2011-06-07 Thread Silvio Cesare
variable as I posted earlier to trigger. -- Silvio On Tue, Jun 7, 2011 at 11:31 PM, Bastien ROUCARIES roucaries.bast...@gmail.com wrote: Could you give me a test case ? On Tue, May 31, 2011 at 4:53 AM, Silvio Cesare silvio.ces...@gmail.com wrote: Sorry again for the delays. It looks like

Bug#609177: [imagemagick] Moreinfo

2011-05-30 Thread Silvio Cesare
Sorry again for the delays. It looks like an off-by-1 in the option parsing code for long options. My patch is included. -- Silvio diff -ru imagemagick-6.3.7.9.dfsg2/magick/option.c imagemagick-6.3.7.9.dfsg2-fix/magick/option.c --- imagemagick-6.3.7.9.dfsg2/magick/option.c 2007-12-13

Bug#609177: [imagemagick] DEBUG_MAGICK contents

2011-04-21 Thread Silvio Cesare
Sorry for the slow response. The request for more info was lost in my inbox. $ export MAGICK_DEBUG=aa $ animate animate: unable to open X server `'. $ export MAGICK_DEBUG=$(perl -e 'print A x 1') $ animate Segmentation fault $ -- Silvio On Thu, Apr 21, 2011 at 11:03 PM, Bastien ROUCARIES

Bug#623546: Double free / use-after-free bugs in dumper.c

2011-04-20 Thread Silvio Cesare
Package: amanda-server Version: 1:2.5.2p1-4 Severity: important Tags: security I have been performing binary static analysis on some of the Debian 5 package repository. I identified the following problem in amanda-2.5.2/server-src/dumper.c if (mkpdir(indexfile_tmp, 02755, (uid_t)-1,

Bug#623547: Double free in x11.c

2011-04-20 Thread Silvio Cesare
Package: xonix Version: 1.4-23 Severity: important Tags: security I have been performing binary static analysis on some of the Debian 5 package repository. I identified the following problem in xonix/x11.c memset(score_rec[i].login, 0, 11); strncpy(score_rec[i].login, pw->pw_name, 10);

Bug#609375: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: libqfits0 Version: 6.2.0-1 Severity: minor In ./qfits_6.2.0/src/qfits_filename.c memset(path, MAXNAMESZ, 0); This should be memset(path, 0, MAXNAMESZ);

Bug#609376: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: ifile Version: 1.3.8-1 Severity: minor In ./ifile_1.3.8/primes.c memset (sieve, (end - start) * sizeof (*sieve), 0); This should be memset(sieve, 0, (end - start) * sizeof(*sieve));

Bug#609377: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: rstatd Version: 4.0.1-3 Severity: minor In ./rstatd_4.0.1/getdata.c: memset(u, sizeof(u), 0); ... memset(rx[i], sizeof(regex_t), 0); ... memset(s, sizeof(struct statsusers), 0); The 0 should be the second argument, not the third.

Bug#609378: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: rott Version: 1.0+dfsg-2 Severity: minor ./rott_1.0+dfsg/rt_main.c: memset (pcxHDR, sizeof(PCX_HEADER), 0); ./rott_1.0+dfsg/rt_main.c: memset (buffer1, GAP_SIZE, 0); The 0 should be the second argument, not the third.

Bug#609379: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: openser Version: 1.3.2-3 Severity: minor ./openser_1.3.2/modules/xcap_client/xcap_functions.c: memset(buf, 128* sizeof(char), 0); The 0 should be in the second argument, not the third.

Bug#609381: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: gnat-gps Version: 4.0.1-6lenny1 Severity: minor In ./gnat-gps_4.0.1/gvd/tests/language/tests/general_001/parse_c.c /* Initialize to 0 so that test_parse_c gives reliable results */ memset (Uni2, sizeof (Uni2), 0); memset (Uni3, sizeof (Uni2), 0); The 0 should be in the second

Bug#609382: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: freeradius Version: 2.0.4+dfsg-6 Severity: minor ./freeradius_2.0.4+dfsg/src/lib/dhcp.c: memset(vp->vp_octets + 11, 8, 0); The 0 should be in the second argument, not the third.

Bug#609383: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: cnews Version: cr.g7-40.4 Severity: minor ./cnews_cr.g7/nov/expovguts.c: memset(amap, (size_t)(stop - start), 0); The 0 should be in the second argument, not the third.

Bug#609384: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: citadel-common Version: 7.37-8 Severity: minor ./citadel_7.37/modules/pop3/serv_pop3.c: memset(userdigest, MD5_HEXSTRING_SIZE, 0); The 0 should be in the second argument, not the third.

Bug#609385: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: bibindex Version: 2.10-9 Severity: minor ./bibindex_2.10/biblook.c:memset( list, sizeof( HListNode ), 0 ); /* only the paranoids survive */ The 0 should be in the second argument, not the third.

Bug#609386: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: yics Version: 0.1.2-3 Severity: minor ./yics_0.1.2/ytoics-c/main.c: memset(players, sizeof(players), 0); ./yics_0.1.2/ytoics-c/main.c: memset(tables, sizeof(tables), 0); The 0 should be in the second argument, not the third

Bug#609387: Incorrect use of memset count/value

2011-01-08 Thread Silvio Cesare
Package: warsow Version: 0.42.dfsg1-1 Severity: minor In ./warsow_0.42.dfsg1/warsow_0.42_src/source/matchmaker/mm_oob.c memset( server->cmd, sizeof( server->cmd ), 0 ); The 0 should be in the second argument, not the third.

Bug#609177: Crash with long MAGICK_DEBUG environment variable

2011-01-06 Thread Silvio Cesare
Package: imagemagick Version: 7.6.3.7.9.dfsg2-1~lenny4 Severity: minor animate, compare, composite, conjure, convert, display, identify, import, mogrify, montage, and stream all crash when the MAGICK_DEBUG environment variable is set to a large size.

Bug#609178: Crash with long HOME environment variable

2011-01-06 Thread Silvio Cesare
Package: arj Version: 3.10.22-6 Severity: minor arj crashes when using a long HOME environment variable.

Bug#609179: Crash with long BBHOME environment variable

2011-01-06 Thread Silvio Cesare
Package: hobbit-client Version: 4.2.0.dfsg-14lenny3 Severity: minor Crash in /usr/bin/bbcmd with long BBHOME environment variable.

Bug#609180: botti crash with unexpected PERL5OPT environment variable

2011-01-06 Thread Silvio Cesare
Package: irssi Version: 0.8.12-7 Severity: minor botti crashes when using an unexpected PERL5OPT environment variable.

Bug#608979: Crash with long HOME environment variable

2011-01-05 Thread Silvio Cesare
are describing and may not necessarily be related to the variable's length. On Thu, Jan 6, 2011 at 9:49 AM, Bill Allombert bill.allomb...@math.u-bordeaux1.fr wrote: On Wed, Jan 05, 2011 at 03:49:20PM +1100, Silvio Cesare wrote: Package: toppler Version: 1.1.3-1 Severity: important Tags

Bug#609075: Incorrect use of memset count/value and no null termination

2011-01-05 Thread Silvio Cesare
Package: sdr Version: 3.0-7 Severity: minor In ./sdr_3.0/src/sap_crypt.c memset(keylist->keyname, MAXKEYLEN, 0); memset(keylist->key, MAXKEYLEN, 0); strncpy(keylist->keyname, keyname, MAXKEYLEN); strncpy(keylist->key, key, MAXKEYLEN); It should be memset(keylist->keyname, 0, MAXKEYLEN) etc.

Bug#609076: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: gridengine-qmon Version: 6.2-4 Severity: minor ./gridengine_6.2/source/clients/qmon/qmon_cluster.c memset((void*)clen, sizeof(tCClEntry), 0); ... ./gridengine_6.2/source/clients/qmon/qmon_qaction.c memset((void*)data, sizeof(tQCEntry), 0); ...

Bug#609077: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: frox Version: 0.7.18-4 Severity: minor In ./frox_0.7.18/src/bsd.c memset(addr, sizeof(*addr), 0); This should be memset(addr, 0, sizeof(*addr))

Bug#609078: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: libfusionsound-1.0-0 Version: 1.0.0-3 Severity: minor In ./fusionsound_1.0.0/src/media/ifusionsoundmusicprovider.c memset( ctx.header, sizeof(ctx.header), 0 ); This should be memset(ctx.header, 0, sizeof(ctx.header))

Bug#609079: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: gcx Version: 0.9.11-4 Severity: minor In ./gcx_0.9.11/src/showimage.c memset(geom, sizeof(struct map_geometry), 0); This should be memset(geom, 0, sizeof(struct map_geometry))

Bug#609081: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: gretl Version: 1.7.5-1 Severity: minor In ./gretl_1.7.5/gui2/database.c memset(gzbuf, GRETL_BUFSIZE, 0); That should be memset(gzbuf, 0, GRETL_BUFSIZE);

Bug#609082: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: gxemul Version: 0.4.6.3-1+lenny1 Severity: minor In ./gxemul_0.4.6.3/experiments/udp_snoop.c memset((char *)si, sizeof(si), 0); This should be memset((char *)si, 0, sizeof(si));

Bug#609083: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: kq Version: 0.99.cvs20070319-1.1 Severity: minor In ./kq_0.99.cvs20070319/maps/mapdraw2.c memset (gent[number_of_ents], sizeof (gent[number_of_ents]), 0); That should be memset(gent[number_of_ents], 0, sizeof(gent[number_of_ents]));

Bug#609085: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: matchbox-panel Version: 0.9.3-3 Severity: minor In ./matchbox-panel_0.9.3/src/panel.c memset(panel, sizeof(MBPanel), 0); This should be memset(panel, 0, sizeof(MBPanel))

Bug#609086: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: mnogosearch-common Version: 3.3.7-3 Severity: minor In ./mnogosearch_3.3.7/src/proto.c memset(field,sizeof(field),0); This should be memset(field, 0, sizeof(field))

Bug#609088: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: php5-suhosin Version: 0.9.27-1 Severity: minor In ./php-suhosin_0.9.27/session.c memset(buf, 4, 0); This should be memset(buf, 0, 4)

Bug#609089: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: ptunnel Version: 0.61-2 Severity: minor In ./ptunnel_0.61/ptunnel.c memset(addr, sizeof(struct sockaddr), 0); This should be memset(addr, 0, sizeof(struct sockaddr))

Bug#609090: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: shell-fm Version: 0.4+svn20071125.r282-1 Severity: minor In ./shell-fm_0.4+svn20071125.r282/src/sckif.c memset(arg, sizeof(arg), 0); This should be memset(arg, 0, sizeof(arg))

Bug#609091: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: sphinx2-bin Version: 0.6-2.1 Severity: minor In ./sphinx2_0.6/src/examples/clicore.c memset ((char *) addr, sizeof(addr), 0); This should be memset((char *)addr, 0, sizeof(addr))

Bug#609092: Incorrect use of memset count/value

2011-01-05 Thread Silvio Cesare
Package: Version: 0.5-2 Severity: minor In ./_0.5/.c memset(buf, degree / 8 + 1, 0); This should be memset(buf, 0, degree / 8 + 1)

Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-05 Thread Silvio Cesare
Package: xdigger Version: 1.0.10-13 Severity: important Tags: security There is a buffer overflow in xdigger. xdigger_1.0.10/xdigger.c strcpy(progname, argv[0]); I confirmed execv* with a long argv[0] crashes xdigger. Some other cases in the sound module with copying and strcating pargv/argv

Bug#608979: Crash with long HOME environment variable

2011-01-04 Thread Silvio Cesare
Package: toppler Version: 1.1.3-1 Severity: important Tags: security Toppler crashes when a long HOME environment variable is used. Probably indicative of a buffer overflow. Toppler is SGID games, so this crash might potentially lead to privilege escalation.

Bug#608980: Crash with long HOME environment variable

2011-01-04 Thread Silvio Cesare
Package: lbreakout2 Version: 2.5.2-2.1 Severity: important Tags: security lbreakout2 crashes when a long HOME environment variable is used. Probably indicative of a buffer overflow. lbreakout2 is SGID games, so this crash might potentially lead to privilege escalation.

Bug#608981: Crash with long GGI_DISPLAY environment variable

2011-01-04 Thread Silvio Cesare
Package: zhcon Version: 1:0.2.6-5.2 Severity: important Tags: security zhcon crashes when a long GGI_DISPLAY environment variable is used with ggi. Probably indicative of a buffer overflow. zhcon is SUID root, so this crash might potentially lead to privilege escalation. I haven't investigated

Bug#603329: gnucash vulnerable to CVE-2010-3999

2010-11-12 Thread Silvio Cesare
Package: gnucash Version: 2.2.6-2 Tags: security Severity: important From CVE-2010-3999 gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working

Bug#602361: libpam-opie appears vulnerable to CVE-2010-1938

2010-11-03 Thread Silvio Cesare
Package: libpam-opie Version: 0.21-8 Severity: important Tags: security The opie package has marked this as vulnerable, but libpam-opie has not been reported yet. Looking at the source, it appears vulnerable to CVE-2010-1938.

Bug#601735: Package vulnerable to CVE-2009-2175

2010-10-28 Thread Silvio Cesare
Package: gnome-xcf-thumbnailer Version: 1.0-1 Severity: important Tags: security This package embeds xcftools 1.0.4 and is vulnerable to CVE-2009-2175 http://security-tracker.debian.org/tracker/CVE-2009-2175. I have verified that the patch in bug report

Bug#601521: irssi-plugin-silc vulnerable to CVE-2010-1156

2010-10-26 Thread Silvio Cesare
Package: irssi-plugin-silc Version: 1.1.4-1+lenny Severity: important Tags: security silc-client embeds irssi. irssi has this known vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156. I have confirmed that the following patch has not been applied

Bug#601523: pysol-sound-server embeds an old and vulnerable version of libmikmod

2010-10-26 Thread Silvio Cesare
Package: pysol-sound-server Version: 3.01-1 Severity: important Tags: security pysol-sound-server embeds a seemingly forked or stripped copy of libmikmod 3.1.9. This is an older version which has a number of vulnerabilities associated with it

Bug#601525: plt-scheme embeds a vulnerable version of libgd 2.x

2010-10-26 Thread Silvio Cesare
Package: plt-scheme Version: 4.0.1-2 Severity: important Tags: security plt-scheme embeds a vulnerable version of libgd 2.x and appears to have the following present http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546. I have looked at gd_gd.c and it appears the following patch has not

Bug#601425: wengophone embeds gaim which is vulnerable to cve-2008-2927

2010-10-25 Thread Silvio Cesare
Package: wengophone Version: 2.1.2.dfsg0-6 Severity: important Tags: security wengophone embeds a copy of an old version of gaim which is vulnerable to cve-2008-2927 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927. There is a related vulnerability from an incorrect fix in

Bug#601181: openscenegraph uses an embedded copy of vulnerable lib3ds

2010-10-24 Thread Silvio Cesare
Package: libopenscenegraph7 Version: 2.4.0-1.1 Severity: important Tags: security openscenegraph uses an embedded copy of lib3ds 1.1. This version of lib3ds is vulnerable to http://security-tracker.debian.org/tracker/CVE-2010-0280. The desired outcome is that openscenegraph use the system wide

Bug#601049: xotcl uses a vulnerable embedded version of the expat library

2010-10-22 Thread Silvio Cesare
Package: xotcl Version: 1.6.1-1 Severity: important Tags: security Xotcl uses an embedded and vulnerable version of the expat library for XML parsing. At a minimum, http://security-tracker.debian.org/tracker/CVE-2009-3720 is present from having a quick review of the relevant source. I have not

Bug#601053: mcabber uses a vulnerable and embedded version of the expat library

2010-10-22 Thread Silvio Cesare
Package: mcabber Version: 0.9.7-0.1 Severity: important Tags: security Mcabber uses an embedded and vulnerable version of the expat library for XML parsing. At a minimum, http://security-tracker.debian.org/tracker/CVE-2009-3720 is present from having a quick review of the relevant source. I have

Bug#559783: centerim also embeds a vulnerable expat (at least cve-2009-3720)

2010-10-22 Thread Silvio Cesare
Centerim also embeds expat in libjabber. expat does xml parsing. I have confirmed that the fix for cve-2009-3720 has not been applied to the centerim sources. There is another associated expat vulnerability that might be present also but I have not investigated. They are both denial of

Bug#600900: boson vulnerability

2010-10-21 Thread Silvio Cesare
Tags: security Tagging as security.

Bug#600974: albert uses a vulnerable embedded version of the expat library

2010-10-21 Thread Silvio Cesare
Package: albert Version: 1:0.4.10-4 Severity: important Tags: security Albert uses an embedded and vulnerable version of the expat library for xml parsing. At a minimum, http://security-tracker.debian.org/tracker/CVE-2009-3720 is present in albert from having a quick review of the relevant

Bug#600900: boson uses an embedded copy of vulnerable lib3ds

2010-10-20 Thread Silvio Cesare
Package: boson Version: 0.13-4+b1 Severity: important Boson uses an embedded copy of lib3ds 1.3. This version of lib3ds is vulnerable to http://security-tracker.debian.org/tracker/CVE-2010-0280. I have not investigated the impact of this vulnerability and how it would be triggered by boson. The