Debian Bug report logs - #278878
rockdodger: obscure buffer overflows

Package: rockdodger; Maintainer for rockdodger is Martin A. Godisch <godisch@debian.org>; Source for rockdodger is src:rockdodger.

Reported by: Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>

Date: Fri, 29 Oct 2004 23:18:02 UTC

Severity: normal

Tags: patch, security

Found in version 0.6.0a-1

Fixed in version rockdodger/0.6.0a-2

Done: Andreas Bombe <aeb@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Andreas Bombe <aeb@debian.org>:
Bug#278878; Package rockdodger. Full text and rfc822 format available.

Acknowledgement sent to Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>:
New Bug report received and forwarded. Copy sent to Andreas Bombe <aeb@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>
To: submit@bugs.debian.org
Cc: pad@users.sourceforge.net, steve@shellcode.org
Subject: rockdodger: obscure buffer overflows
Date: Sat, 30 Oct 2004 01:06:13 +0200
Subject: rockdodger: obscure buffer overflows
Package: rockdodger
Version: 0.6.0a-1
Severity: normal
Tags: security patch

Hello,

rockdodger suffers from some obscure buffer overflows. They are placed in
dark corners of the code, so they won't affect all users, but I think they are
worth fixing anyway. I have attached a patch (diff against upstream) that
does so.

// Ulf Harnhammar
   for the
   Debian Security Audit Project

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-686
Locale: LANG=en_GB, LC_CTYPE=en_GB

Versions of packages rockdodger depends on:
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared libraries an
ii  libsdl-image1.2             1.2.3-5      image loading library for Simple D
ii  libsdl-mixer1.2             1.2.5-9      mixer library for Simple DirectMed
ii  libsdl1.2debian             1.2.7-10     Simple DirectMedia Layer

-- no debconf information

[rockdodger.sec.patch (text/plain, attachment)]

Reply sent to Andreas Bombe <aeb@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 278878-close@bugs.debian.org (full text, mbox):

From: Andreas Bombe <aeb@debian.org>
To: 278878-close@bugs.debian.org
Subject: Bug#278878: fixed in rockdodger 0.6.0a-2
Date: Sun, 21 Nov 2004 22:47:06 -0500
Source: rockdodger
Source-Version: 0.6.0a-2

We believe that the bug you reported is fixed in the latest version of
rockdodger, which is due to be installed in the Debian FTP archive:

rockdodger_0.6.0a-2.diff.gz
  to pool/main/r/rockdodger/rockdodger_0.6.0a-2.diff.gz
rockdodger_0.6.0a-2.dsc
  to pool/main/r/rockdodger/rockdodger_0.6.0a-2.dsc
rockdodger_0.6.0a-2_i386.deb
  to pool/main/r/rockdodger/rockdodger_0.6.0a-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 278878@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Bombe <aeb@debian.org> (supplier of updated rockdodger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 22 Nov 2004 04:12:26 +0100
Source: rockdodger
Binary: rockdodger
Architecture: source i386
Version: 0.6.0a-2
Distribution: unstable
Urgency: low
Maintainer: Andreas Bombe <aeb@debian.org>
Changed-By: Andreas Bombe <aeb@debian.org>
Description: 
 rockdodger - Dodge and blow up rocks with your spaceship
Closes: 275634 278878
Changes: 
 rockdodger (0.6.0a-2) unstable; urgency=low
 .
   * Show icon in menu entry (closes: #275634).
   * Fix possible buffer overflow from contents of HOME environment variable
     (closes: #278878).
Files: 
 444ea3f21ab8ed7473e60d417dc0c2e5 632 games optional rockdodger_0.6.0a-2.dsc
 581903f23293f16fc772421fc299bfa1 4007 games optional rockdodger_0.6.0a-2.diff.gz
 7192f00b4fd7d46a8fbc21ec0ebac821 392500 games optional rockdodger_0.6.0a-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBoVm9EYFwMgSICkQRAkhHAJ9xVkGji9xGtB0OWCWrIrrC/qpZewCfT8RX
f0odLdVYPtfQiRa0Cyz0oqA=
=ZIVL
-----END PGP SIGNATURE-----





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 05:15:22 2014; Machine Name: buxtehude.debian.org
