On Fri, 16 May 2008, Nico Golde wrote:
- sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
+ /* Fix CVE-2008-2149: buffer overflows Andreas Tille <[EMAIL
PROTECTED]> */
+ sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
Please use snprintf(tmpbuf, sizeof(tmpbuf), ... instead of this.
I just followed
https://buildsecurityin.us-cert.gov/daisy/bsi-rules/home/g1/840.html
and unfortuantely it is to late now because the package just hit unstable.
Feel free to NMU if there are any reasons to do so.
Just for the sake of interest: What is the essential difference between
the patch above and snprintf()?
Apart from that I think fixing this for now is fine,
we can issue more updates later.
As Thijs already mentioned, please include the CVE id in
your changelog.
As I said this is just done
Andreas.
--
http://fam-tille.de
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
