Your message dated Mon, 1 Mar 2004 00:08:20 +0200 with message-id <[EMAIL PROTECTED]> and subject line Testing fixed has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Jan 2004 21:30:35 +0000
>From [EMAIL PROTECTED] Wed Jan 14 15:30:35 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mail.libertysurf.net [213.36.80.91] by master.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Agsaw-0001OE-00; Wed, 14 Jan 2004 15:30:35 -0600
Received: from argos.server.maison (212.129.22.96) by mail.libertysurf.net (6.5.033) id 3FFAFB1D00A9EA11; Wed, 14 Jan 2004 22:30:34 +0100
Received: from prahal by argos.server.maison with local (Exim 3.36 #1 (Debian)) id 1AgsjZ-0003Zi-00; Wed, 14 Jan 2004 22:39:29 +0100
Date: Wed, 14 Jan 2004 22:39:28 +0100
From: Alban Browaeys <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: kdepim-kfile-plugins: KDE Security Advisory: VCF file information reader vulnerability
Message-ID: <[EMAIL PROTECTED]>
Reply-To: Alban Browaeys <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="17pEHd4RhPHOinZp"
Content-Disposition: inline
X-Reportbug-Version: 2.37
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: Alban Browaeys <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_01_14 (1.212-2003-09-23-exp) on master.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_01_14
X-Spam-Level:

--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Package: kdepim-kfile-plugins
Version: 3.1.4
Severity: critical
Tags: security
Justification: root security hole

Hem not really root I admit:
http://www.kde.org/info/security/advisory-20040114-1.txt

A patch for KDE 3.1.4 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

26469366cc393e50ff80d6dca8c74c58 post-3.1.4-kdepim-kfile-plugins.diff

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux argos 2.6.1 #2 Sun Jan 11 04:19:23 CET 2004 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]

--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="post-3.1.4-kdepim-kfile-plugins.diff"

--- vcf/kfile_vcf.cpp 2003-07-16 21:12:41.000000000 +0200 +++ vcf/kfile_vcf.cpp 2003-12-16 15:38:20.000000000 +0100 
@@ -90,17 +90,17 @@ while (!done) { // read a line - file.readLine(linebuf, 4096); + file.readLine(linebuf, sizeof(linebuf)); // have we got something useful? if (memcmp(linebuf, id_name, 3) == 0) { // we have a name myptr = linebuf + 3; - strncpy(buf_name, myptr, 999); + strlcpy(buf_name, myptr, sizeof( buf_name )); } else if (memcmp(linebuf, id_email, 15) == 0) { // we have a name myptr = linebuf + 15; - strncpy(buf_email, myptr, 999); + strlcpy(buf_email, myptr, sizeof( buf_email )); } // are we done yet?
--17pEHd4RhPHOinZp--

---------------------------------------
Received: (at 227759-done) by bugs.debian.org; 29 Feb 2004 22:08:36 +0000
>From [EMAIL PROTECTED] Sun Feb 29 14:08:36 2004
Return-path: <[EMAIL PROTECTED]>
Received: from xdsl-177-5.nblnetworks.fi (watergate.kos.to) [217.30.177.5] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1AxZ6y-0006GN-00; Sun, 29 Feb 2004 14:08:36 -0800
Received: from nchip by watergate.kos.to with local (Exim 4.24) id 1AxZ6i-0007yG-La for [EMAIL PROTECTED]; Mon, 01 Mar 2004 00:08:20 +0200
Date: Mon, 1 Mar 2004 00:08:20 +0200
From: Riku Voipio <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Testing fixed
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-message-flag: Warning: message not sent with a DRM-Certified client
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: Riku Voipio <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_02_27 (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no version=2.60-bugs.debian.org_2004_02_27
X-Spam-Level:

Hi,

We have 3.1.5-1.1 in testing now too.

-- 
Riku Voipio        |    [EMAIL PROTECTED]    |
kirkkonummentie 33 |    +358 40 8476974    --+--
02140 Espoo        |                         |
dark> A bad analogy is like leaky screwdriver |
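
Review bot: In the @@ -90,17 +90,17 @@ hunk of vcf/kfile_vcf.cpp, the return value of file.readLine(linebuf, sizeof(linebuf)) is still discarded, so on a failed or empty read the memcmp() calls that follow compare whatever the previous iteration left in linebuf. Check the result before the memcmp() branches and leave the loop on a read error or end of file, unless the "are we done yet?" test that follows the visible lines already covers that. The new bounds also rely on linebuf, buf_name and buf_email being arrays in this scope, which the hunk does not show; if any of them is a pointer, sizeof yields the pointer size and the copy is cut to a few bytes. strlcpy is not an ISO C function, so the file needs a declaration for it on platforms whose libc lacks one. The comment on the id_email branch still reads "we have a name" and should say email.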