Ben Hutchings wrote:
"A buffer overrun has been fixed in zcat which happened sometimes when
the '-v, --show-nonprinting' option was used (or indirectly enabled)."
Thanks, Antonio. Will you request a CVE ID for this?
No, but I'm fine if somebody else requests it. The kind of vulnerability
On Wed, 2018-08-01 at 00:51 +0200, Antonio Diaz Diaz wrote:
> Stephen Kitt wrote:
> > Please accept my apologies, I didn’t mean to mischaracterise your work or
> > your emails, and I do appreciate all your efforts in this matter.
>
> I'm sorry I didn't fix it sooner. But I'm happy that I have
Hi Antonio,
On 08/01/2018 02:01 PM, Antonio Diaz Diaz wrote:
> It seems I answered to the wrong bug, sorry.
no problem :)
> The bug fixed in zutils-1.8-pre2 also fixes this one (#904819).
yes, I was going to clean that up, but had to leave (it's closed now).
> Thank you very much Daniel for
On Tue, 31 Jul 2018 10:58:41 +0800 Ben Hutchings wrote:
*** Error in `zcat': free(): invalid next size (normal): 0x016e6980 ***
It seems I answered to the wrong bug[1], sorry. The bug fixed in
zutils-1.8-pre2 also fixes this one (#904819).
[1]
Stephen Kitt wrote:
Please accept my apologies, I didn’t mean to mischaracterise your work or
your emails, and I do appreciate all your efforts in this matter.
I'm sorry I didn't fix it sooner. But I'm happy that I have managed to
assemble a worst-case test file only 8192 bytes long and have
On Tue, 31 Jul 2018 19:29:54 +0200, Antonio Diaz Diaz wrote:
> Stephen Kitt wrote:
> > I did provide a way to reproduce the problem, and Daniel reproduced it;
> > I will readily admit that it's neither convenient nor particularly useful
> > to identify the source of the problem, but dismissing
Stephen Kitt wrote:
I did provide a way to reproduce the problem, and Daniel reproduced it;
I will readily admit that it's neither convenient nor particularly useful
to identify the source of the problem, but dismissing this because
there's no way to reproduce it seems rather unfair to me.
See
Hi Antonio,
Le 31/07/2018 17:05, Antonio Diaz Diaz a écrit :
On Tue, 31 Jul 2018 12:49:32 +0800 Ben Hutchings wrote:
The non-technical problem I see is that your upstream is dismissive of
valid bug reports ("but it's compatible with cat", "this bug is
impossible in C++!"), and that you are
Dear Ben,
I wrote:
"A double-free bug in zutils' zcat is not probable because zutils' zcat
is a C++ program that does not use neither malloc nor free."
You misquoted me as:
"this bug is impossible in C++!"
Please, don't misquote me.
On Tue, 31 Jul 2018 12:49:32 +0800 Ben Hutchings wrote:
On Mon, 2018-07-30 at 20:16 +0200, Daniel Baumann wrote:
> On 07/30/2018 10:28 AM, Ben Hutchings wrote:
> > You still haven't explained why, having fixed a bug, you then reopened
> > and reassigned it.
>
> At the time the bug was filed, it wasn't clear to me if the bug is in
> zutils or in
On Mon, 2018-07-30 at 19:43 +0200, Daniel Baumann wrote:
> On 07/30/2018 06:39 PM, Antonio Diaz Diaz wrote:
> > A double-free bug in zutils' zcat is not probable [...]
>
> Thank you for your explenation, Antonio.
>
> Ben, do you agree that I'll merge #904819 and #903931 again?
No, I do not.
On 07/30/2018 10:28 AM, Ben Hutchings wrote:
> You still haven't explained why, having fixed a bug, you then reopened
> and reassigned it.
At the time the bug was filed, it wasn't clear to me if the bug is in
zutils or in initramfs-tools. I acted quickly to mitigate the problem
(as written in
On 07/30/2018 06:39 PM, Antonio Diaz Diaz wrote:
> A double-free bug in zutils' zcat is not probable [...]
Thank you for your explenation, Antonio.
Ben, do you agree that I'll merge #904819 and #903931 again?
Regards,
Daniel
On Sat, 28 Jul 2018 17:57:54 +0800 Ben Hutchings wrote:
The double-free bug in zutils zcat is presumably still unfixed, so I'm
cloning a separate bug for that.
A double-free bug in zutils' zcat is not probable because zutils' zcat
is a C++ program that does not use neither malloc nor free.
On Mon, 2018-07-30 at 08:46 +0200, Daniel Baumann wrote:
> On 07/28/2018 11:57 AM, Ben Hutchings wrote:
> > > did you see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903931#47
> > > and following?
> >
> > It didn't show up on this bug's message log because you didn't write
> > the control
On 07/28/2018 11:57 AM, Ben Hutchings wrote:
>> did you see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903931#47
>> and following?
>
> It didn't show up on this bug's message log because you didn't write
> the control commands properly.
I first dealt with #903931 by writing to it, and
Control: tag -1 - moreinfo
Control: unmerge -1
Control: reassign -1 zutils
Control: clone -1 -2
Control: retitle -1 zutils installs an incompatible replacement for GNU zcat
Control: close -1 1.7-2
Control: retitle -2 Double-free when using zutils zcat -t on some input
Control: severity -2
On 07/28/2018 11:05 AM, Ben Hutchings wrote:
>>* Skipping zcat for now (Closes: #902936, #903931).
> [...]
>
> But you didn't actually do that.
when installing zutils 1.7-2, /bin/zcat remains untouched. can you
please elaborate why you think i "didn't actually do that"?
> And now you've
Control: tag -1 moreinfo
On Wed, 25 Jul 2018 09:35:39 + Daniel Baumann
wrote:
[...]
>* Skipping zcat for now (Closes: #902936, #903931).
[...]
But you didn't actually do that.
And now you've reassigned this back to initramfs-tools with no
explanation.
It doesn't matter what the input
19 matches
Mail list logo
