The same patch is applicable to sarge with trivial adjustment.
Ben.
--
Ben Hutchings
If God had intended Man to program,
we'd have been born with serial I/O ports.
tags 408530 patch
thanks
Patch for isdnutils:
diff -u isdnutils-3.9.20060704/debian/rules isdnutils-3.9.20060704/debian/rules
--- isdnutils-3.9.20060704/debian/rules
+++ isdnutils-3.9.20060704/debian/rules
@@ -388,6 +388,7 @@
ppp-2.4.4b1 \
vbox-little-endian \
toplevel-mak
clone 408530 -1 -2
reassign -1 asterisk-chan-capi
retitle -1 asterisk-chan-capi: Need a mutex for calls to capi_{cmsg,message}2str
reassign -2 linux-2.6
retitle -2 linux-2.6: capi_{cmsg,message}2str not thread-safe; vulnerable to
buffer overflow
block -1 with 408530
tags -2 upstream
forwarded -2 h
Hi all,
Please notice that the routines in question are also repeated in the Linux
kernel in drivers/isdn/capi/capiutil.c [1] and in isdn4k-utils in
capi20/convert.c [2].
[1]
http://chuck.netbsd.sk/source/xref/kernel-2.6.9/linux-2.6.9/drivers/isdn/capi/capiutil.c#838
[2]
http://chuck.netbsd.sk/sour
tags 408530 +security
severity 408530 grave
On Fri, Jan 26, 2007 at 04:34:32PM +0100, John Hughes wrote:
> Package: libcapi20-3
> Version: 1:3.9.20060704-2.2
> Severity: important
> the bufprint routine used by capi_cmsg2str does an unbounded
> vsprintf into an 8192-byte buffer, perhaps hoping it'
Package: libcapi20-3
Version: 1:3.9.20060704-2.2
Severity: important
the bufprint routine used by capi_cmsg2str does an unbounded vsprintf
into an 8192-byte buffer, perhaps hoping it's big enough.
It isn't.
Looks like someone needs some vsnprintf-like training wheels.
(around line 898 in "conve