Report forwarded to debian-bugs-dist@lists.debian.org, Ken Bloom <kbloom@gmail.com>: Bug#450695; Package link-grammar.
Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Ken Bloom <kbloom@gmail.com>.
Package: link-grammar
Version: 4.2.2-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for link-grammar.
CVE-2007-5395[0]:
| Stack-based buffer overflow in the separate_word function in
| tokenize.c in Link Grammar 4.1b and possibly other versions, as used
| in AbiWord Link Grammar 4.2.4, allows remote attackers to execute
| arbitrary code via a long word, as reachable through the
| separate_sentence function.
A patch for this extracted from upstream CVS is attached.
This is the cvs log for this fix:
RCS file: /cvsroot/link-grammar/link-grammar/tokenize.c,v
Working file: tokenize.c
head: 1.4
branch:
locks: strict
access list:
symbolic names:
link-grammar-4-2-4: 1.3
release-4-2-2: 1.2
release-4-2-1: 1.2
release-4-1-3: 1.1.1.1
release-4-1-1: 1.1.1.1
begin: 1.1.1.1
start: 1.1.1
keyword substitution: kv
total revisions: 5; selected revisions: 1
description:
----------------------------
revision 1.4
date: 2007/10/27 19:03:40; author: dom; state: Exp; lines: +15 -14
Secunia advisory SA27340 and CVE identifier CVE-2007-5395.
The vulnerability is caused due to a boundary error within the
"separate_word()" function in tokenize.c when processing overly long
words (over 61 bytes). This can be exploited to cause a stack-based
buffer overflow via a specially crafted sentence passed to the
"separate_sentence()" function.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5395
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
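The boundary error the CVS log above describes (a word longer than 61 bytes written into a fixed-size buffer on the stack inside separate_word()) is the classic unchecked-copy pattern. The C below is added here as an illustration of that pattern and of the bounded alternative; it is not the link-grammar source or the attached patch. The functions unchecked_copy_word, bounded_copy_word and separate_sentence_checked, the MAX_WORD constant and the sample sentences are hypothetical and constructed for this example; only the 61-byte figure is taken from the advisory text quoted in the report.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical limit taken from the advisory text: words over 61 bytes
 * overran the fixed stack buffer in the vulnerable separate_word(). */
#define MAX_WORD 61

/* Constructed sample sentences (not from the bug report). */
static const char SAMPLE_OK[]   = "the quick brown fox";
static const char SAMPLE_EDGE[] = "x "
    "aaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaa" "a"
    " y";                                  /* middle word: exactly 61 bytes */
static const char SAMPLE_LONG[] = "x "
    "aaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaa" "aaaa"
    " y";                                  /* middle word: 64 bytes, too long */

/* Simplified stand-in for the unchecked pattern (illustration only, not
 * upstream code): copies one whitespace-delimited word into a fixed-size
 * buffer with no bound, so a word longer than MAX_WORD overruns it. */
static size_t unchecked_copy_word(const char *s, char buf[MAX_WORD + 1])
{
    size_t n = 0;
    while (s[n] != '\0' && !isspace((unsigned char)s[n])) {
        buf[n] = s[n];          /* no check against MAX_WORD */
        n++;
    }
    buf[n] = '\0';
    return n;
}

/* Hardened form: copy at most bufsize-1 bytes and report an overlong word
 * instead of writing past the end of the buffer. */
static bool bounded_copy_word(const char *s, char *buf, size_t bufsize,
                              size_t *len_out)
{
    size_t n = 0;
    while (s[n] != '\0' && !isspace((unsigned char)s[n])) {
        if (n + 1 >= bufsize) { /* no room left for the NUL terminator */
            buf[0] = '\0';
            return false;
        }
        buf[n] = s[n];
        n++;
    }
    buf[n] = '\0';
    *len_out = n;
    return true;
}

/* Splits a sentence into words using the bounded copy. Returns the number
 * of words, or -1 if any word exceeds MAX_WORD bytes: the sentence is
 * rejected as a whole rather than parsed from a corrupted stack frame. */
int separate_sentence_checked(const char *sentence)
{
    char word[MAX_WORD + 1];
    const char *p = sentence;
    int count = 0;

    while (*p != '\0') {
        while (*p != '\0' && isspace((unsigned char)*p))
            p++;
        if (*p == '\0')
            break;
        size_t len;
        if (!bounded_copy_word(p, word, sizeof word, &len))
            return -1;
        count++;
        p += len;
    }
    return count;
}

int main(void)
{
    char buf[MAX_WORD + 1];
    /* The unchecked copy is only safe on input already known to be short. */
    unchecked_copy_word(SAMPLE_OK, buf);
    printf("first word (unchecked, short input): %s\n", buf);
    printf("%-5s -> %d words\n", "ok",   separate_sentence_checked(SAMPLE_OK));
    printf("%-5s -> %d words\n", "edge", separate_sentence_checked(SAMPLE_EDGE));
    printf("%-5s -> %d (rejected)\n", "long", separate_sentence_checked(SAMPLE_LONG));
    return 0;
}
```

The 61-byte word is accepted and the 64-byte word makes the whole sentence fail closed; the design choice worth noting is that the bounded routine returns a status the caller must check, rather than silently truncating, so an overlong token cannot be mistaken for a shorter valid one downstream.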
Subject: Bug#450695: fixed in link-grammar 4.2.5-1
Date: Mon, 12 Nov 2007 12:02:02 +0000
Source: link-grammar
Source-Version: 4.2.5-1
We believe that the bug you reported is fixed in the latest version of
link-grammar, which is due to be installed in the Debian FTP archive:
liblink-grammar4-dev_4.2.5-1_i386.deb
to pool/main/l/link-grammar/liblink-grammar4-dev_4.2.5-1_i386.deb
liblink-grammar4_4.2.5-1_i386.deb
to pool/main/l/link-grammar/liblink-grammar4_4.2.5-1_i386.deb
link-grammar-dictionaries-en_4.2.5-1_all.deb
to pool/main/l/link-grammar/link-grammar-dictionaries-en_4.2.5-1_all.deb
link-grammar_4.2.5-1.diff.gz
to pool/main/l/link-grammar/link-grammar_4.2.5-1.diff.gz
link-grammar_4.2.5-1.dsc
to pool/main/l/link-grammar/link-grammar_4.2.5-1.dsc
link-grammar_4.2.5-1_i386.deb
to pool/main/l/link-grammar/link-grammar_4.2.5-1_i386.deb
link-grammar_4.2.5.orig.tar.gz
to pool/main/l/link-grammar/link-grammar_4.2.5.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 450695@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ken Bloom <kbloom@gmail.com> (supplier of updated link-grammar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 09 Nov 2007 14:19:10 -0600
Source: link-grammar
Binary: link-grammar-dictionaries-en liblink-grammar4 liblink-grammar4-dev link-grammar
Architecture: source all i386
Version: 4.2.5-1
Distribution: unstable
Urgency: high
Maintainer: Ken Bloom <kbloom@gmail.com>
Changed-By: Ken Bloom <kbloom@gmail.com>
Description:
liblink-grammar4 - Carnegie Mellon University's link grammar parser for English
liblink-grammar4-dev - Carnegie Mellon University's link grammar parser for English
link-grammar - Carnegie Mellon University's link grammar parser for English
link-grammar-dictionaries-en - Carnegie Mellon University's link grammar parser for English
Closes: 450695
Changes:
link-grammar (4.2.5-1) unstable; urgency=high
.
* New upstream release.
- Fixes boundary in separate_word() function.
CVE-2007-5395 and Secunia advisory SA27340
(Closes: #450695)
- Adds new API for extracting constituents.
* Removed all local patches as they've all been accepted upstream.
Files:
03d32d1896af20e6840c1c41d046c235 702 text optional link-grammar_4.2.5-1.dsc
302fa0cad0fa5b2aab126549553ad3f4 756081 text optional link-grammar_4.2.5.orig.tar.gz
cc08d5a1ddce782b90f08fa00fb77361 5702 text optional link-grammar_4.2.5-1.diff.gz
c00c1aec62ab847ad3dbb448ff9fb977 269168 text optional link-grammar-dictionaries-en_4.2.5-1_all.deb
bcc0066e8d1e89aadbd0b9d28623ebe3 15474 text optional link-grammar_4.2.5-1_i386.deb
6348db72fe3ffd9fd919d3a73e485377 88966 libs optional liblink-grammar4_4.2.5-1_i386.deb
c100cde8fdcd0ffba34c238cfc50049d 108998 libdevel optional liblink-grammar4-dev_4.2.5-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHOD2xHYflSXNkfP8RAvr5AJwL2RCx82yW7h1jl4+DJsVW1kEavQCgn5zJ
NZtxYCNMjrOPg4C3WVQUU88=
=KDCf
-----END PGP SIGNATURE-----
Bug marked as fixed in version 4.2.2-4etch1, send any further explanations to Nico Golde <nion@debian.org>
Request was from Ken Bloom <kbloom@gmail.com>
to control@bugs.debian.org.
(Mon, 14 Jul 2008 17:30:03 GMT)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 12 Aug 2008 07:34:13 GMT)