Ubuntu
gxine package

overflow with long HOME environment variable

Bug #87874 reported by Reinhard Tartler
10
Affects Status Importance Assigned to Milestone
gxine (Ubuntu)
Invalid
Undecided
Unassigned
Dapper
Invalid
Low
William Grant
Edgy
Invalid
Low
Unassigned

Bug Description

Binary package hint: gxine

16:57:43 < _ds_> siretart, crimsun, looks like CVE-2007-0406 isn't fixed in edgy...
16:59:19 < _ds_> http://zap.tartarus.org/~ds/hg/gxine/?cmd=changeset;node=1809;style=gitweb

CVE References

Revision history for this message
Kees Cook (kees) wrote :

This is fixed in feisty (was fixed in gxine 0.5.10, it seems). Opening edgy and dapper tasks...

Changed in gxine:
status: Unconfirmed → Rejected
status: Unconfirmed → Confirmed
status: Unconfirmed → Confirmed
Revision history for this message
William Grant (wgrant) wrote :

I have a debdiff for Dapper prepared. gxine is in main for Edgy.

Changed in gxine:
assignee: nobody → fujitsu
status: Confirmed → In Progress
Revision history for this message
William Grant (wgrant) wrote :
Revision history for this message
Kees Cook (kees) wrote :

Thanks for getting the debdiff prepared. After examining the code, I don't think I'm going to issue a security update for this flaw; it doesn't appear to be exploitable. If someone can prove me wrong, please do. From what I can see, a user can just overflow themselves, making this just a regular bug.

Changed in gxine:
importance: Undecided → Low
importance: Undecided → Low
William Grant (wgrant)
Changed in gxine:
status: In Progress → Rejected
status: Confirmed → Rejected
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.