Report forwarded to debian-bugs-dist@lists.debian.org, Yooseong Yang <yooseong@debian.org>: Bug#340842; Package unalz.
(full text, mbox, link).
Acknowledgement sent to metaur@telia.com:
New Bug report received and forwarded. Copy sent to Yooseong Yang <yooseong@debian.org>.
(full text, mbox, link).
Subject: unalz: buffer overflow when extracting archives
Package: unalz
Version: 0.52-1
Severity: grave
Justification: user security hole
Tags: security patch sarge etch sid
Hello,
I have found a buffer overflow security vulnerability in unalz. It
occurs when it extracts malicious ALZ archives.
I have attached the archives oflow333.alz (for sarge) and oflow1621.alz
(for testing and unstable), as well as the program alzgen.pl that
generated them and a patch that corrects this issue.
It is also possible to upgrade to the latest upstream version 0.53,
which also corrects it.
// Ulf Härnhammar, Debian Security Audit Project
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages unalz depends on:
ii libc6 2.3.5-8 GNU C Library: Shared libraries an
ii libgcc1 1:4.0.2-2 GCC support library
ii libstdc++6 4.0.2-2 The GNU Standard C++ Library v3
unalz recommends no packages.
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Yooseong Yang <yooseong@debian.org>: Bug#340842; Package unalz.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Yooseong Yang <yooseong@debian.org>.
(full text, mbox, link).
Version: 0.30.1
This bug was fixed in a security upload to stable; marking as closed in that
version.
The changelog entry for this upload was:
unalz (0.30.1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team
* Fix buffer overflow in file name handling, discovered by Ulf Härnhammar
(CVE-2005-3862)
The bug appears to still apply to the version of the package in unstable,
and is marked as such.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Information forwarded to debian-bugs-dist@lists.debian.org, Yooseong Yang <yooseong@debian.org>: Bug#340842; Package unalz.
(full text, mbox, link).
Acknowledgement sent to "Ulf Harnhammar" <metaur@operamail.com>:
Extra info received and forwarded to list. Copy sent to Yooseong Yang <yooseong@debian.org>.
(full text, mbox, link).
Subject: Re: Bug#340842 acknowledged by developer (Re: unalz: buffer overflow
when extracting archives)
Date: Wed, 15 Mar 2006 10:56:29 +0100
> This bug was fixed in a security upload to stable; marking as closed in that
> version.
>
> The bug appears to still apply to the version of the package in unstable,
> and is marked as such.
The bug looks closed to me.
// Ulf
--
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 8 at http://www.opera.com
Powered by Outblaze
Bug reopened, originator not changed.
Request was from "Ulf Harnhammar" <metaur@operamail.com>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as fixed in version 0.30.1, send any further explanations to metaur@telia.com
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Yooseong Yang <yooseong@debian.org>: Bug#340842; Package unalz.
(full text, mbox, link).
Acknowledgement sent to "Ulf Harnhammar" <metaur@operamail.com>:
Extra info received and forwarded to list. Copy sent to Yooseong Yang <yooseong@debian.org>.
(full text, mbox, link).
To: "Ulf Harnhammar" <metaur@operamail.com>, 340842@bugs.debian.org
Cc: vorlon@debian.org
Subject: Re: Bug#340842 acknowledged by developer (Re: unalz: buffer overflow
when extracting archives)
Date: Thu, 16 Mar 2006 18:44:49 +0100
> > The bug appears to still apply to the version of the package in unstable,
> > and is marked as such.
>
> The bug looks closed to me.
It still looks closed (in all versions) to me. Are you sure that that is what you want, instead of - say - fixing it?
// Ulf
--
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 8 at http://www.opera.com
Powered by Outblaze
Information forwarded to debian-bugs-dist@lists.debian.org, Yooseong Yang <yooseong@debian.org>: Bug#340842; Package unalz.
(full text, mbox, link).
Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Yooseong Yang <yooseong@debian.org>.
(full text, mbox, link).
Subject: Re: Bug#340842 acknowledged by developer (Re: unalz: buffer overflow when extracting archives)
Date: Thu, 16 Mar 2006 10:35:33 -0800
On Thu, Mar 16, 2006 at 06:44:49PM +0100, Ulf Harnhammar wrote:
> > > The bug appears to still apply to the version of the package in unstable,
> > > and is marked as such.
> >
> > The bug looks closed to me.
> It still looks closed (in all versions) to me. Are you sure that that is
> what you want, instead of - say - fixing it?
http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=unalz&dist=unstable
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to metaur@telia.com:
Bug acknowledged by developer.
(full text, mbox, link).
Subject: Re: Bug#340842 acknowledged by developer (Re: unalz: buffer overflow when extracting archives)
Date: Sat, 17 Jun 2006 11:43:39 +0200
Version: 0.55-1
On Thu, Mar 16, 2006 at 10:35:33AM -0800, Steve Langasek wrote:
>> It still looks closed (in all versions) to me. Are you sure that that is
>> what you want, instead of - say - fixing it?
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=unalz&dist=unstable
This was fixed in a QA upload a while ago (0.55-1), since upstream 0.53 fixed
it; the changelog missed it, though. I've verified that the code does indeed
contain the patch given in the patch log, so I'm marking it as closed.
/* Steinar */
--
Homepage: http://www.sesse.net/
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 09:09:15 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.