On 26/06/13 18:46, Alexandre Rebert wrote: > We found a crash in mtree contained in the freebsd-buildutils package.
The 'full report' is a .tar.bz2 full of stuff. There is a testcase designed to trigger a crash in mtree if used instead of a real specification file. Either through fuzzing or reverse engineering. mtree is typically run as root, but with a trusted specification file, in an untrusted directory tree. So perhaps a real bug but probably not a security issue. > We are planning to submit the bug to the Debian bug tracking system in two > weeks. We wanted to give you a heads-up, so that you some time to assess the > seriousness of the bug before it is publicly disclosed. Mailing the public lists (debian-bsd@, debian-kernel@, ...) probably wasn't intended then... Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51cb7f91.9060...@pyro.eu.org
