Bug#697226: unblock: horgand/1.14-5

Wed, 02 Jan 2013 13:06:16 -0800 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package horgand 1.14-5, it fixes the
bug #695467 "Horgand too short buffer" - basically a
a buffer overflow which leads horgand to SIGSEGV at
startup.

Thanks for considering, cheers!

unblock horgand/1.14-5

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff --git a/debian/changelog b/debian/changelog
index 443cb07..6e64cea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+horgand (1.14-5) unstable; urgency=medium
+
+  * Prevent SIGSEGV by fixing a buffer overflow, it was tryng to
+    strcpy() of an 11 char string (+ '\0') into a 10 char fixed
+    array. (Closes: #695467) (LP: #891939)
+
+ -- Alessio Treglia <ales...@debian.org>  Wed, 02 Jan 2013 14:06:58 +0000
+
 horgand (1.14-4) unstable; urgency=low
 
   * Rely on dh-autoreconf rather than call autoreconf -f -i in
diff --git a/debian/patches/03-buffer_overflow.patch b/debian/patches/03-buffer_overflow.patch
new file mode 100644
index 0000000..655727f
--- /dev/null
+++ b/debian/patches/03-buffer_overflow.patch
@@ -0,0 +1,20 @@
+Description: Buffer was too short for chord name
+Author: d...@treblig.org
+Bug-Ubuntu: https://launchpad.net/bugs/891939
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695467
+Forwarded: no
+---
+ src/Holrgan.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- horgand.orig/src/Holrgan.h
++++ horgand/src/Holrgan.h
+@@ -398,7 +398,7 @@ struct Ch3
+ struct Ch4
+ 
+ {
+-  char Nom[10];
++  char Nom[12];
+   int type;
+   int fund;
+   int dist1;
diff --git a/debian/patches/series b/debian/patches/series
index def9ac0..47a5fd8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 01-fix_manpage.patch
 02-binutils_gold.patch
+03-buffer_overflow.patch

Reply via email to