tag 201750 - security
severity 201750 important
tag 201750 + upstream pending
retitle 201750 xlibs: _XlcLocaleDirName() susceptible to buffer overflows
thanks

On Thu, Jul 17, 2003 at 12:21:53PM -0400, Mike Furr wrote:
> Package: xlibs
> Version: 4.2.1-9
> Severity: grave
> Tags: security
>
> The bug described in http://www.securityfocusonline.com/bid/7002 exists in
> sid's (presumably sarge, but not woody) xfree libs.
>
> ie:
> XLOCALEDIR=`perl -e 'printf "x" x 8000'` xclock
> yields segv. Not a huge impact, but needs to be fixed nonetheless.

* As I understand it, this is not a security problem because no privilege
  escalation is possible due to this buffer overflow. Xlib ignores the
  XLOCALEDIR environment variable entirely when running X clients with
  elevated privileges. Therefore, I am removing the security tag and
  downgrading the severity of this bug.

* This is an upstream flaw, hence the "upstream" tag.

* This causes SEGVs on i386 and SIGILLs on PowerPC. For my packages, I
  regard crashes of this nature as being of "important" severity, hence
  the new setting.

* I have backported the upstream fix for this problem, and it will appear
  in the next release, 4.2.1-10, hence the "pending" tag. The fix was
  committed in revisions 312--313 of the XSF Subversion repository.

* (for the curious) I am investigating whether the forthcoming
  4.3.0-0pre1v1 release to experimental will be affected by this bug. If
  so, I will patch it there as well.

-- 
G. Branden Robinson                |    I have a truly elegant proof of the
Debian GNU/Linux                   |    above, but it is too long to fit
[EMAIL PROTECTED]                  |    into this .signature file.
http://people.debian.org/~branden/ |
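
The two behaviours discussed in the message above (an environment-supplied directory ignored under elevated privileges, and an 8000-byte value that must not overrun a fixed buffer), as an added example that is not Xlib's code or the upstream fix. The helper name, buffer size and default path are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define DIR_BUF_LEN 256                          /* assumed buffer size */
#define DEFAULT_LOCALE_DIR "/placeholder/locale" /* placeholder, not Xlib's path */

enum dir_source { DIR_ERROR = -1, DIR_DEFAULT, DIR_FROM_ENV, DIR_ENV_REJECTED };

/* True when real and effective IDs differ (setuid/setgid execution). */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: copy the locale directory into buf.
 * The environment value is used only when unprivileged and only if it
 * fits, terminator included; otherwise the built-in default is used. */
enum dir_source pick_locale_dir(const char *env_val, int privileged,
                                char *buf, size_t buf_len)
{
    enum dir_source src = DIR_DEFAULT;
    const char *dir = DEFAULT_LOCALE_DIR;

    if (strlen(DEFAULT_LOCALE_DIR) + 1 > buf_len)
        return DIR_ERROR;                    /* even the default will not fit */
    if (env_val != NULL && env_val[0] != '\0' && !privileged) {
        if (strlen(env_val) + 1 <= buf_len) {
            dir = env_val;
            src = DIR_FROM_ENV;
        } else {
            src = DIR_ENV_REJECTED;          /* oversized: never copied */
        }
    }
    memcpy(buf, dir, strlen(dir) + 1);       /* length checked above */
    return src;
}

int main(void)
{
    char buf[DIR_BUF_LEN];
    char big[8001];                          /* constructed 8000-byte value */
    memset(big, 'x', 8000);
    big[8000] = '\0';
    printf("%d\n", pick_locale_dir(big, running_privileged(), buf, sizeof buf));
    printf("%d %s\n", pick_locale_dir(getenv("XLOCALEDIR"), running_privileged(),
                                      buf, sizeof buf), buf);
    return 0;
}
```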