Debian Bug report logs - #368400
motor: CVE-2005-3863: stack-based buffer overflow

Package: motor; Maintainer for motor is (unknown);

Reported by: Alec Berryman <>

Date: Sun, 21 May 2006 22:03:21 UTC

Severity: important

Tags: patch, security

Fixed in version motor/2:3.4.0-6

Done: Krzysztof Krzyzaniak (eloy) <>

Bug is archived. No further changes may be made.

Report forwarded to, Krzysztof Krzyzaniak (eloy) <>:
Bug#368400; Package motor.

Acknowledgement sent to Alec Berryman <>:
New Bug report received and forwarded. Copy sent to Krzysztof Krzyzaniak (eloy) <>.

Message #5 received at (full text, mbox):

From: Alec Berryman <>
To: Debian Bug Tracking System <>
Subject: motor: CVE-2005-3863: stack-based buffer overflow
Date: Sun, 21 May 2006 22:21:38 +0100
Package: motor
Severity: important
Tags: security patch

CVE-2005-3863: "Stack-based buffer overflow in kkstrtext.h in ktools
library 0.3 and earlier, as used in products such as (1) centericq, (2)
orpheus, (3) motor, and (4) groan, allows local users or remote
attackers to execute arbitrary code via a long parameter to the

The affected macro is VGETSTRING, which is used by (among others)
treeview::addleaff in kkconsui/src/, which is used by (among
others) src/ui/ncurses/

This issue appears to affect motor in woody and sarge.

A patch may be found in #340959 [1].  Please mention the CVE in your
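
An added illustration of the bug class named in this report, not code from ktools, motor or the referenced patch: it assumes the affected macro formats printf-style arguments into a fixed-size stack buffer (the page does not show its body) and shows two bounded replacements for that pattern. The names `FORMAT_FIXED_UNSAFE`, `format_alloc` and `format_bounded` are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ASSUMED unsafe shape (not copied from kkstrtext.h): unbounded vsprintf
 * into a fixed stack array. Defined for contrast only, never expanded. */
#define FORMAT_FIXED_UNSAFE(buf, fmt, ap) vsprintf((buf), (fmt), (ap))

/* Hypothetical helper: measure first, then allocate exactly what the
 * formatted text needs. Returns NULL on error; caller frees. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    char *out = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);                        /* ap is consumed by the first pass */
    int need = vsnprintf(NULL, 0, fmt, ap);  /* length without the NUL */
    va_end(ap);
    if (need >= 0 && (out = malloc((size_t)need + 1)) != NULL)
        vsnprintf(out, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

/* Hypothetical helper for callers that must keep a fixed buffer.
 * Returns 0 if the text fit, 1 if it was truncated, -1 on error. */
int format_bounded(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstlen, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    return (size_t)n >= dstlen;
}

int main(void)
{
    char label[5001], small[16];             /* constructed oversized input */
    memset(label, 'A', sizeof label - 1);
    label[sizeof label - 1] = '\0';
    char *s = format_alloc("%s/%d", label, 7);
    printf("heap copy: %zu bytes, fixed buffer truncated: %d\n",
           s ? strlen(s) : 0, format_bounded(small, sizeof small, "%s", label));
    free(s);
    return 0;
}
```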




Reply sent to Krzysztof Krzyzaniak (eloy) <>:
You have taken responsibility.

Notification sent to Alec Berryman <>:
Bug acknowledged by developer.

Message #10 received at (full text, mbox):

From: Krzysztof Krzyzaniak (eloy) <>
Subject: Bug#368400: fixed in motor 2:3.4.0-6
Date: Mon, 22 May 2006 02:17:15 -0700
Source: motor
Source-Version: 2:3.4.0-6

We believe that the bug you reported is fixed in the latest version of
motor, which is due to be installed in the Debian FTP archive:

  to pool/main/m/motor/motor-common_3.4.0-6_all.deb
  to pool/main/m/motor/motor-fribidi_3.4.0-6_i386.deb
  to pool/main/m/motor/motor_3.4.0-6.diff.gz
  to pool/main/m/motor/motor_3.4.0-6.dsc
  to pool/main/m/motor/motor_3.4.0-6_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Krzysztof Krzyzaniak (eloy) <> (supplier of updated motor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Format: 1.7
Date: Mon, 22 May 2006 10:31:16 +0200
Source: motor
Binary: motor motor-fribidi motor-common
Architecture: source all i386
Version: 2:3.4.0-6
Distribution: unstable
Urgency: low
Maintainer: Krzysztof Krzyzaniak (eloy) <>
Changed-By: Krzysztof Krzyzaniak (eloy) <>
 motor      - C/C++/Java Integrated Development Environment
 motor-common - C/C++/Java Integrated Development Environment
 motor-fribidi - C/C++/Java Integrated Development Environment
Closes: 368400
 motor (2:3.4.0-6) unstable; urgency=low
   * Fixed buffer overflow CVE-2005-3863 found by MITRE, (closes: #368400)
     patch taken from
   * debian/watch: added
   * debian/control:
    - Standards-Version: increased to 3.7.2 without additional changes.


Bug archived. Request was from Debbugs Internal Request <> to (Sun, 24 Jun 2007 07:52:38 GMT)

Debian bug tracking system administrator <>. Last modified: Sat Apr 19 13:11:35 2014; Machine Name:
