Debian Bug report logs -
#179338
slocate may cause buffer overflow, and new upstream version (2.7) was released
Reported by: Hideki Yamane <henrich@samba.gr.jp>
Date: Sat, 1 Feb 2003 16:48:03 UTC
Severity: grave
Tags: fixed, security, upstream
Found in version 2.6-1.4
Done: Kevin Lindsay <klindsay@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, R Garth Wood <rgwood@debian.org>, slocate@packages.qa.debian.org:
Bug#179338; Package slocate.
Acknowledgement sent to Hideki Yamane <henrich@samba.gr.jp>:
New Bug report received and forwarded. Copy sent to R Garth Wood <rgwood@debian.org>, slocate@packages.qa.debian.org.
Message #5 received at submit@bugs.debian.org:
Package: slocate
Version: 2.6-1.4
Severity: grave
Justification: user security hole
Dear slocate maintainer,
I found a CVE report about a slocate local buffer overflow vulnerability
(this is still under review), and a new upstream version was released
(slocate 2.7).
The report on Bugtraq said this vulnerability was found on a Red Hat
system, so Debian's slocate may not be affected by that, but I think it is
better to check and fix it, or release the new version, as soon as possible.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux intoeyes 2.4.21-pre1 #1 2002年 12月 16日 月曜日 22:18:03 JST i686
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP
Versions of packages slocate depends on:
ii adduser 3.49 Add and remove users and groups
ii dpkg 1.10.9 Package maintenance system for Deb
ii libc6 2.3.1-10 GNU C Library: Shared libraries an
-- no debconf information
regards,
Hideki Yamane <henrich@samba.gr.jp>
Samba Users Group Japan -- http://www.samba.gr.jp
Tags added: security
Request was from "J.H.M. Dassen (Ray)" <dm@zensunni.demon.nl>
to control@bugs.debian.org.
Tags added: upstream
Request was from "J.H.M. Dassen (Ray)" <dm@zensunni.demon.nl>
to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org, R Garth Wood <rgwood@debian.org>, slocate@packages.qa.debian.org:
Bug#179338; Package slocate.
Acknowledgement sent to Hideki Yamane <henrich@samba.gr.jp>:
Extra info received and forwarded to list. Copy sent to R Garth Wood <rgwood@debian.org>, slocate@packages.qa.debian.org.
Message #14 received at 179338@bugs.debian.org:
Ah, I forgot to write the URI for the CVE info.
Please see CAN-2003-0056
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
---------
Hideki Yamane mailto:henrich@samba.gr.jp
Samba Users Group Japan http://www.samba.gr.jp
Tags added: fixed
Request was from Kevin Lindsay <klindsay@debian.org>
to control@bugs.debian.org.
Reply sent to Kevin Lindsay <klindsay@debian.org>:
You have taken responsibility.
Notification sent to Hideki Yamane <henrich@samba.gr.jp>:
Bug acknowledged by developer.
Message #21 received at 179338-done@bugs.debian.org:
Closing old NMU bug.
---------------------------------------------------
Kevin Lindsay
Fingerprint: 81E 58A3 B49A 580E EE3D 8CF0 519A 55F0 746C 51F4
Key Id: 746C51F4
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Sun Jun 4 21:21:46 2023; Machine Name: buxtehude