Debian Bug report logs -
#414010
missing NULL pointer check in 15_passwdmgr.dpatch
Reported by: Sam Hocevar <sam@zoy.org>
Date: Thu, 8 Mar 2007 13:36:01 UTC
Severity: serious
Tags: patch
Found in version iceape/1.0.8-1
Fixed in version iceape/1.0.8-3
Done: Mike Hommey <glandium@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Mike Hommey <glandium@debian.org>:
Bug#413991; Package libxul0d.
(full text, mbox, link).
Acknowledgement sent to Sam Hocevar <sam@zoy.org>:
New Bug report received and forwarded. Copy sent to Mike Hommey <glandium@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libxul0d
Version: 1.8.0.10-1
Severity: important
Tags: patch
15_passwdmgr.dpatch allows userField to be NULL but forgets to
check for its value at line 1007. Attached is a fixed version of
the patch.
I'm wary to make this bug grave, but it causes a lot of websites to
crash galeon and lose my sessions so feel free to increase its severity.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (50, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20.1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libxul0d depends on:
ii libatk1.0-0 1.12.4-2 The ATK accessibility toolkit
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libcairo2 1.2.4-4 The Cairo 2D vector graphics libra
ii libfontconfig1 2.4.2-1.2 generic font configuration library
ii libgcc1 1:4.1.1-21 GCC support library
ii libglib2.0-0 2.12.6-2 The GLib library of C routines
ii libgtk2.0-0 2.8.20-7 The GTK+ graphical user interface
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libmozjs0d 1.8.0.10-1 The Mozilla SpiderMonkey JavaScrip
ii libnspr4-0d 1.8.0.10-1 NetScape Portable Runtime Library
ii libnss3-0d 1.8.0.10-1 Network Security Service libraries
ii libpango1.0-0 1.14.8-5 Layout and rendering of internatio
ii libpng12-0 1.2.15~beta5-1 PNG library - runtime
ii libstdc++6 4.1.1-21 The GNU Standard C++ Library v3
ii libx11-6 2:1.0.3-5 X11 client-side library
ii libxft2 2.1.8.2-8 FreeType-based font drawing librar
ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library
ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library
ii libxul-common 1.8.0.10-1 Gecko engine library - common file
ii zlib1g 1:1.2.3-13 compression library - runtime
libxul0d recommends no packages.
-- no debconf information
[15_passwdmgr.dpatch (application/x-shellscript, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Mike Hommey <glandium@debian.org>:
Bug#413991; Package libxul0d.
(full text, mbox, link).
Acknowledgement sent to Mike Hommey <mh@glandium.org>:
Extra info received and forwarded to list. Copy sent to Mike Hommey <glandium@debian.org>.
(full text, mbox, link).
Message #10 received at 413991@bugs.debian.org (full text, mbox, reply):
severity 413991 serious
clone 413991 -1
reassign -1 iceape 1.0.8-1
thanks
On Thu, Mar 08, 2007 at 02:34:43PM +0100, Sam Hocevar wrote:
> Package: libxul0d
> Version: 1.8.0.10-1
> Severity: important
> Tags: patch
>
> 15_passwdmgr.dpatch allows userField to be NULL but forgets to
> check for its value at line 1007. Attached is a fixed version of
> the patch.
>
> I'm wary to make this bug grave, but it causes a lot of websites to
> crash galeon and lose my sessions so feel free to increase its severity.
Dammit, this was introduced in xulrunner 1.8.0.10-1 and iceape 1.0.8-1. The
patch used to be complete, and I somehow ended up removing this part thinking
it was applied upstream O_O. Where was my mind back then ?
Mike
Severity set to `serious' from `important'
Request was from Mike Hommey <mh@glandium.org>
to control@bugs.debian.org.
(full text, mbox, link).
Reply sent to Mike Hommey <glandium@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Sam Hocevar <sam@zoy.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #21 received at 414010-close@bugs.debian.org (full text, mbox, reply):
Source: iceape
Source-Version: 1.0.8-3
We believe that the bug you reported is fixed in the latest version of
iceape, which is due to be installed in the Debian FTP archive:
iceape-browser_1.0.8-3_i386.deb
to pool/main/i/iceape/iceape-browser_1.0.8-3_i386.deb
iceape-calendar_1.0.8-3_i386.deb
to pool/main/i/iceape/iceape-calendar_1.0.8-3_i386.deb
iceape-chatzilla_1.0.8-3_all.deb
to pool/main/i/iceape/iceape-chatzilla_1.0.8-3_all.deb
iceape-dbg_1.0.8-3_i386.deb
to pool/main/i/iceape/iceape-dbg_1.0.8-3_i386.deb
iceape-dev_1.0.8-3_all.deb
to pool/main/i/iceape/iceape-dev_1.0.8-3_all.deb
iceape-dom-inspector_1.0.8-3_i386.deb
to pool/main/i/iceape/iceape-dom-inspector_1.0.8-3_i386.deb
iceape-gnome-support_1.0.8-3_i386.deb
to pool/main/i/iceape/iceape-gnome-support_1.0.8-3_i386.deb
iceape-mailnews_1.0.8-3_i386.deb
to pool/main/i/iceape/iceape-mailnews_1.0.8-3_i386.deb
iceape_1.0.8-3.diff.gz
to pool/main/i/iceape/iceape_1.0.8-3.diff.gz
iceape_1.0.8-3.dsc
to pool/main/i/iceape/iceape_1.0.8-3.dsc
iceape_1.0.8-3_all.deb
to pool/main/i/iceape/iceape_1.0.8-3_all.deb
mozilla-browser_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla-browser_1.8+1.0.8-3_all.deb
mozilla-calendar_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla-calendar_1.8+1.0.8-3_all.deb
mozilla-chatzilla_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla-chatzilla_1.8+1.0.8-3_all.deb
mozilla-dev_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla-dev_1.8+1.0.8-3_all.deb
mozilla-dom-inspector_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla-dom-inspector_1.8+1.0.8-3_all.deb
mozilla-js-debugger_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla-js-debugger_1.8+1.0.8-3_all.deb
mozilla-mailnews_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla-mailnews_1.8+1.0.8-3_all.deb
mozilla-psm_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla-psm_1.8+1.0.8-3_all.deb
mozilla_1.8+1.0.8-3_all.deb
to pool/main/i/iceape/mozilla_1.8+1.0.8-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 414010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated iceape package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 8 Mar 2007 18:50:21 +0100
Source: iceape
Binary: mozilla iceape-browser mozilla-calendar mozilla-js-debugger iceape iceape-calendar iceape-dom-inspector mozilla-psm mozilla-chatzilla mozilla-mailnews iceape-dbg iceape-gnome-support mozilla-dom-inspector iceape-dev iceape-chatzilla mozilla-browser iceape-mailnews mozilla-dev
Architecture: source all i386
Version: 1.0.8-3
Distribution: unstable
Urgency: low
Maintainer: Mike Hommey <glandium@debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description:
iceape - The Iceape Internet Suite
iceape-browser - Iceape Navigator (Internet browser) and Composer
iceape-calendar - Iceape Calendar
iceape-chatzilla - Iceape Chatzilla IRC client
iceape-dbg - Debugging symbols for the Iceape Internet Suite
iceape-dev - Development files for the Iceape Internet Suite
iceape-dom-inspector - DOM inspector for the Iceape Internet Suite
iceape-gnome-support - Gnome support for the Iceape Internet Suite
iceape-mailnews - Iceape Mail & Newsgroups and Address Book
mozilla - Transition package for the Iceape Internet Suite
mozilla-browser - Transition package for Iceape Navigator and Composer
mozilla-calendar - Transition package for Iceape Calendar
mozilla-chatzilla - Transition package for Iceape Chatzilla IRC client
mozilla-dev - Transition package for development file for the Iceape Internet S
mozilla-dom-inspector - Transition package for the DOM Inspector for the Iceape Internet
mozilla-js-debugger - Transition package for venkman
mozilla-mailnews - Transition package for Iceape Mail & Newsgroups and Address Book
mozilla-psm - Transition package for Iceape Navigator
Closes: 414010
Changes:
iceape (1.0.8-3) unstable; urgency=low
.
* debian/patches/15_passwdmgr.dpatch: Restore parts that were actually
NOT applied upstream, and adapt them. Thanks Sam Hocevar for spotting
this. Closes: #414010.
Files:
4492ba7a442de2d3595e2511c185360c 1393 net optional iceape_1.0.8-3.dsc
999595b5d0e0ba6f5d27bb76049b88c3 276626 net optional iceape_1.0.8-3.diff.gz
a5e7af1c176eb39d2d3083ec2821778d 27246 web optional iceape_1.0.8-3_all.deb
c165fc60454a3f15cfc0eecc50af8030 3654058 devel optional iceape-dev_1.0.8-3_all.deb
4f0b67f9fe0a88d8df2874b00b8e3371 278094 net optional iceape-chatzilla_1.0.8-3_all.deb
6172dbfc33f3846d0e26d4761bf49de5 25840 web optional mozilla_1.8+1.0.8-3_all.deb
ea8488b78d273061ae06205e742d25c0 26776 web optional mozilla-browser_1.8+1.0.8-3_all.deb
d78a7d97064f10ffab369713ae235996 25978 devel optional mozilla-dev_1.8+1.0.8-3_all.deb
31c9384ae2d4a75604b52c55074764b3 25866 mail optional mozilla-mailnews_1.8+1.0.8-3_all.deb
ab7b613db5e9b2371bab3ad1883cd3b4 25862 net optional mozilla-chatzilla_1.8+1.0.8-3_all.deb
f0c8dd6a29b28444e31fb09a3213cd25 25854 web optional mozilla-psm_1.8+1.0.8-3_all.deb
ba71bbe5b2542dd38bdf703b668dd7fe 25886 web optional mozilla-dom-inspector_1.8+1.0.8-3_all.deb
8da0264840715e95afb760d6f2397bc8 25880 devel optional mozilla-js-debugger_1.8+1.0.8-3_all.deb
2700c5135ddd9a53bba3842009b7e971 25848 misc optional mozilla-calendar_1.8+1.0.8-3_all.deb
664a1caefb2efe9ea366f3f9ee9925a5 10392876 web optional iceape-browser_1.0.8-3_i386.deb
20350c37cab68239452b6592d9cac07f 46986 web optional iceape-gnome-support_1.0.8-3_i386.deb
8e56f55bce2d0e242bc81fd5428cd249 58587354 devel extra iceape-dbg_1.0.8-3_i386.deb
390d15bc6102b8c54a288c118c658235 1888948 mail optional iceape-mailnews_1.0.8-3_i386.deb
0f029241a16507553068631ebad05a64 587434 misc optional iceape-calendar_1.0.8-3_i386.deb
fc3c588459677e66006924226160783b 188174 web optional iceape-dom-inspector_1.0.8-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF8H/a3kvaLFT9KlgRAqrwAKCWAe6dZlCskKdWIzboqgK4akiYHQCgla5c
cHnvk3bY3qmdFXjPE1sdeeA=
=YDxp
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 24 Jun 2007 14:16:31 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Jan 5 04:04:52 2018;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.