Package: libcommoncpp2-dev
Version: 1.7.3-1.1
Severity: important
Tags: patch
Dear Maintainer,
When using commoncpp2 on 64 bit systems (as SFLphone does), if gethostbyname
fails, libcommoncpp2 will cause a buffer overflow by doing an incorrect memset.
-- System Information:
Debian Release: wheezy/sid
APT prefers precise-updates
APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500,
'precise'), (100, 'precise-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libcommoncpp2-dev depends on:
ii libccgnu2-1.7-0 1.7.3-1.1
ii libgcrypt11-dev [libgcrypt-dev] 1.5.0-3ubuntu0.1
ii libgnutls-dev 2.12.14-5ubuntu3.1
ii pkg-config 0.26-1ubuntu1
ii zlib1g-dev 1:1.2.3.4.dfsg-3ubuntu4
libcommoncpp2-dev recommends no packages.
Versions of packages libcommoncpp2-dev suggests:
pn libcommoncpp2-doc <none>
-- no debconf information
--- /usr/src/debug/commoncpp2-1.8.1/src/inaddr.cpp 2010-10-31 19:43:40.000000000 -0400
+++ inaddr.cpp 2012-11-16 15:14:16.667082655 -0500
@@ -333,7 +333,7 @@ void IPV4Address::setAddress(const char
if(ipaddr)
delete[] ipaddr;
ipaddr = new struct in_addr[1];
- memset((void *)&ipaddr[0], 0, sizeof(ipaddr));
+ memset((void *)&ipaddr[0], 0, sizeof(ipaddr[0]));
return;
}
