[Debian-med-packaging] Bug#729276: staden-io-lib-utils: bufferoverflow in index_tar

Sang Kil Cha sangkilc at cmu.edu
Sat Nov 30 09:01:50 UTC 2013


Hi,

Yes, I think I did submit it to upstream.

I don't have a particular patch, but I believe it is trivial to add a
check for the overflow.

Thanks,
Sang Kil

On Sat, Nov 30, 2013 at 3:40 AM, Charles Plessy <plessy at debian.org> wrote:
> On Sun, Nov 10, 2013 at 09:20:08PM -0500, Sang Kil Cha wrote:
>> Package: staden-io-lib-utils
>> Version: 1.12.4-1
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> index_tar has a buffer overflow vulnerability. A PoC file is attached.
>
> Hello,
>
> thanks for the report.  Have you also submitted it upstream?  Do you
> have a suggestion on how to solve the problem?
>
> Cheers,
>
> --
> Charles Plessy
> Debian Med packaging team,
> http://www.debian.org/devel/debian-med
> Tsurumi, Kanagawa, Japan


