[Bug 1432378] Re: libresolv res_init() does not correctly inititalize internals

2015-08-01 Thread Joshua Rogers
The bug has been present since what looks like 2006... http://cgit.openembedded.org/openembedded/plain/recipes/glibc/files/glibc-2.5-local-dynamic-resolvconf.patch It's probably present in Debian too: http://git.net/debian-glibc/txt5w0qWtefJS.txt -- You received this bug notification because you

[Bug 1432378] Re: libresolv res_init() does not correctly inititalize internals

2015-08-01 Thread Joshua Rogers
tl;dr: res_init() does not correctly initialize the _res struct. The code: res_init(); if(_res.options & RES_INIT) { printf("RES_INIT set.\n"); } else { printf("RES_INIT not set.\n"); } outputs "RES_INIT set." correctly, and that

[Bug 1432378] Re: libresolv res_init() does not correctly inititalize internals

2015-03-15 Thread Joshua Rogers
** Package changed: linux (Ubuntu) => glibc (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1432378 Title: libresolv res_init() does not correctly inititalize internals To manage notificatio

[Bug 1432378] Re: libresolv res_init() does not correctly inititalize internals

2015-03-15 Thread Joshua Rogers
No logs required. ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1432378 Title: libresolv res_init() does not correctly inititali

[Bug 1432378] Re: libresolv res_init() does not correctly inititalize internals

2015-03-15 Thread Joshua Rogers
Link to the eglibc file that Ubuntu uses: http://www.eglibc.org/cgi-bin/viewvc.cgi/branches/eglibc-2_19/libc/resolv/res_libc.c?view=markup -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1432378 Title:

[Bug 1432378] [NEW] libresolv res_init() does not correctly inititalize internals

2015-03-15 Thread Joshua Rogers
Public bug reported: As reported here: https://sourceware.org/bugzilla/show_bug.cgi?id=18126 The bug, however, is not in the sourceware sourcecode, but in the Ubuntu one. https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/res_libc.c;h=ee3fa2114b7051b86f6f9676f1151d1435dedb9d;hb=HEAD#l97 C

[Bug 1419391] Re: LANG=C environment breaks clock

2015-02-18 Thread Joshua Rogers
Is this one gnome panel clock? Or is this also the indicator? Thanks ** Attachment added: "Screenshot from 2015-02-19 04:52:43.png" https://bugs.launchpad.net/ubuntu/+source/indicator-datetime/+bug/1419391/+attachment/4322008/+files/Screenshot%20from%202015-02-19%2004%3A52%3A43.png -- You

[Bug 1419391] Re: LANG=C environment breaks clock

2015-02-18 Thread Joshua Rogers
Normal ** Attachment added: "Screenshot from 2015-02-19 02:28:09.png" https://bugs.launchpad.net/ubuntu/+source/gnome-panel/+bug/1419391/+attachment/4321883/+files/Screenshot%20from%202015-02-19%2002%3A28%3A09.png -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1419391] Re: LANG=C environment breaks clock

2015-02-18 Thread Joshua Rogers
Not normal ** Attachment added: "Screenshot from 2015-02-19 02:27:45.png" https://bugs.launchpad.net/ubuntu/+source/gnome-panel/+bug/1419391/+attachment/4321884/+files/Screenshot%20from%202015-02-19%2002%3A27%3A45.png -- You received this bug notification because you are a member of Ubuntu B

[Bug 1419391] Re: LANG=C environment breaks clock

2015-02-18 Thread Joshua Rogers
Perhaps I should mention I'm using gnome-session-flashback? And it was both. If required, I can re-do it and take a screenshot. Let me know. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/141

[Bug 1419391] [NEW] LANG=C environment breaks clock

2015-02-07 Thread Joshua Rogers
Public bug reported: When the environment contains LANG=C (in .pam_environment, for example), the clock in gnome-panel disappears if it is either in 12-hour format, or it displays seconds. Thanks ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: gnome-panel 1:3.8.0-1ubuntu12.2 ProcVersionSig

[Bug 1389135] Re: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

2014-11-14 Thread Joshua Rogers
Just for reference: the vulnerable function is parse_error_msg([..]), not warningv([..]). I've attached the patch that the maintainer has recommended for the latest version of dpkg. ** Patch added: "0001-libdpkg-Escape-package-and-architecture-on-control-f.patch" https://bugs.launchpad.net/ubu

[Bug 1389135] Re: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

2014-11-07 Thread Joshua Rogers
Fixed, my bad.. ** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3127 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1389135 Title: dpkg / dpkg-deb segfault -- possible format

[Bug 1389135] Re: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

2014-11-07 Thread Joshua Rogers
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3127 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1389135 Title: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

[Bug 1389135] Re: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

2014-11-04 Thread Joshua Rogers
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1389135 Title: dpkg / dpkg-deb segfault -- possible format string bug/vuln? To manage notifi

[Bug 1389135] Re: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

2014-11-04 Thread Joshua Rogers
Yep, I'm right. control file: Package: backup Architecture: %08x.%08x.%08x.%08x.%08x\n Description: Stuff maintainer: Joshua Rogers version: 1 # dpkg-deb/dpkg-deb --build /var/tmp/ok/ dpkg-deb: warning: parsing file '/var/tmp/ok//DEBIAN/control' near line 2

[Bug 1389135] Re: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

2014-11-04 Thread Joshua Rogers
I don't have the time/skill to try, but I'm guessing that if you can somehow actually build the package with that set as the architecture, unpacking the .deb file will also be vulnerable, which would definitely be a security-related bug. My guess is that it _does_ exist in the unpacking phase too,

[Bug 1389135] Re: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

2014-11-04 Thread Joshua Rogers
I think that this is a security bug. If you make the 'control' file have Architecture: %08x.%08x.%08x.%08x.%08x and run --build, it will print five parameters from the stack. # ./dpkg-deb --build /var/tmp/ok/ dpkg-deb: warning: parsing file '/var/tmp/ok//DEBIAN/control' near line 2 package 'b

[Bug 1258003] Re: DiG crashes on +nssearch with +tcp [Outdated in Ubuntu repo]

2014-10-28 Thread Joshua Rogers
Just an update on this: It is patched in Ubuntu 14.04.1. I have identified another bug in DiG which is yet to be patched in any versions of bind (I only just reported it now), which affects those that use ipv6. megamansec@megamansec:~$ lsb_release -a No LSB modules are available. Distributor ID: U

[Bug 1258003] Re: DiG crashes on +nssearch with +tcp [Outdated in Ubuntu repo]

2013-12-05 Thread Joshua Rogers
Erm, it looks like /usr/bin/dig is actually provided by `dnsutils', not bind9. Strange. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1258003 Title: DiG crashes on +nssearch with +tcp [Outdated in U

[Bug 1258003] [NEW] DiG crashes on +nssearch with +tcp [Outdated in Ubuntu repo]

2013-12-04 Thread Joshua Rogers
Public bug reported: Precursor: 'DiG' is provided in the package "bind9", and the version in DiG is the same version of bind9. Whilst running 'DiG', with +ssearch, AND +tcp, on the DiG version that is available in the repos ("DiG 9.8.1-P1"), the program segfaults with a core dump. Example: 13:

[Bug 1091473] Re: grep <2.11 is vulnerable to "Arbitrary command execution"

2012-12-28 Thread Joshua Rogers
Under MORE analysis, it does appear to allow command execution, but I can't get the ls -la working. I'm a noob at asm. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1091473 Title: grep <2.1

[Bug 1091473] Re: grep <2.11 is vulnerable to "Arbitrary command execution"

2012-12-28 Thread Joshua Rogers
After more analysis, it may not be vulnerable to command execution. Not sure. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1091473 Title: grep <2.11 is vulnerable to "Arbitrary command exec

[Bug 1091473] Re: grep <2.11 is vulnerable to "Arbitrary command execution"

2012-12-27 Thread Joshua Rogers
perl -e 'print "x"x(2**31)' | grep x > /dev/null just run that if that's what you mean by a "reproducer" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1091473 Title: grep <2.11 is vulnerabl

[Bug 206314] Re: Grub fails to install corectly on some IBM Intellistations

2008-03-27 Thread Joshua Rogers
I found this solution worked better when specifying the full pathname of each file: root (hd0,0) install --stage2=/boot/grub/stage2 /boot/grub/stage1 d (hd0) /boot/grub/stage2 p (hd0,0)/boot/grub/menu.lst -- Grub fails to install corectly on some IBM Intellistations https://bugs.launchpad.net/b