Subject: keynote: segfault on incorrect input
Package: keynote
Version: 2.3-11
Severity: normal
Calling keynote to verify a signature on a erroneous input may lead to
segfault instead of printing "Signature on assertion 0 verified." and
returning -1.
[EMAIL PROTECTED]:~$ cat test
Authorizer: foo
[EMAIL PROTECTED]:~$ keynote sigver test
Erreur de segmentation
This can be reproduced using foo or even the "POLICY" keyword. Provided
keynote is used for security purpose such a bug might possibly be
exploited and further checking should perhaps be done on input.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-rc7-mm2=porcinet
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages keynote depends on:
ii libc6 2.5-4 GNU C Library: Shared libraries
ii libkeynote0 2.3-11 Decentralized
Trust-Management sys
ii libssl0.9.8 0.9.8e-4 SSL shared libraries
keynote recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
