Bug#497441: Broken security patch for WordNet
tillea at rki.de
Fri Sep 5 13:30:07 UTC 2008
In http://bugs.debian.org/497441 a patch is provided that should fix
several security problems. When investigating the problem that
WordNet stopped working as usual when looking for synonym sets like
$ wordnet test -synsn
which should not only print
6 senses of test
but also the six senses with explanation, I found the critical part
in the provided patch. I extracted it to
and I would like you to give your opinion on my comment in the
header which says:
This part of the patch is completely broken, breaks functionality of
wordnet test -synsn
and I really wonder to what extent a "strcpy(bufstart, tmpbuf);" is a
security fix compared to "strncpy(bufstart, tmpbuf, strlen(tmpbuf));"
Who did this patch????
I have no idea who did this patch and how to reach this person, but besides
breaking the functionality of the program IMHO this is a terrible thing
security-wise. I would really like to get this patch revised for further
problems like this.
What would be the best strategy to fix the packages in Debian?
I could upload packages to unstable without this part of the
patch - it's just in SVN. But I have serious doubt about the
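
The two calls quoted in the message above have one thing in common: neither limits the copy by the size of the destination, and the strncpy form additionally writes no terminating NUL. The following is an added example (not code from WordNet, from the Debian patch or from the author of this message) that shows this and contrasts it with a copy bounded by the destination size; the function names and sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of WordNet or the patch under discussion:
 * copy src into dst, never writing more than dstsize bytes and always
 * NUL-terminating. Returns 0 on success, -1 on truncation or bad arguments. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsize) {               /* source does not fit */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;                      /* caller can detect the truncation */
    }
    memcpy(dst, src, len + 1);          /* includes the terminator */
    return 0;
}

/* Returns the byte found at dst[strlen(src)] after
 * strncpy(dst, src, strlen(src)). The length comes from the source, so the
 * call neither protects the destination nor terminates the result. */
char byte_after_strncpy_strlen(const char *src)
{
    char dst[16];

    if (strlen(src) >= sizeof dst)      /* keep this demonstration in bounds */
        return 0;
    memset(dst, 'X', sizeof dst);       /* marker bytes */
    strncpy(dst, src, strlen(src));
    return dst[strlen(src)];            /* the marker byte, not a NUL */
}

int main(void)
{
    char buf[5];                        /* constructed sample destination */
    int rc = bounded_copy(buf, sizeof buf, "testing");

    printf("bounded_copy rc=%d buf=\"%s\"\n", rc, buf);
    printf("byte after strncpy: '%c'\n", byte_after_strncpy_strlen("test"));
    return 0;
}
```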