Bug 272320 - Stable =media-libs/libtimidity-0.1.0-r1
Summary: Stable =media-libs/libtimidity-0.1.0-r1
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Sound Team
Keywords: STABLEREQ
Reported: 2009-06-02 23:16 UTC by Samuli Suominen (RETIRED)
Modified: 2009-06-18 17:03 UTC
Description Samuli Suominen (RETIRED) gentoo-dev 2009-06-02 23:16:36 UTC
Fixes an overflow, not sure if it's a security kind.

Security, see libtimidity-0.1.0-newlen-overflow.patch
Comment 1 Markus Meier gentoo-dev 2009-06-03 18:55:50 UTC
amd64/x86 stable
Comment 2 Ferris McCormick (RETIRED) gentoo-dev 2009-06-03 19:20:33 UTC
Sparc stable.
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2009-06-06 14:22:32 UTC
Hendrik, can you tell if the flaw this patch fixes could be exploited?
Comment 4 nixnut (RETIRED) gentoo-dev 2009-06-06 17:10:56 UTC
ppc stable
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-06 17:39:48 UTC
If I get this right, the patch changes the data type of newlen from a signed int to an unsigned int, doubling the value range. 
That might be a step to avoid an integer overflow, but still if the newlen was negative, safe_malloc does a check on (p == NULL) which would make the application shut down on a negative value passed to malloc.

So, I'd say that's a client DoS at the most. If newlen is overflown, the app would stop, if it isn't, the allocated heap buffer should be big enough.
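
Added example, not part of the bug report or of the libtimidity patch: a C model of the reasoning in comment 5, showing what malloc is asked for when a needed length is first stored in a signed versus an unsigned 32-bit `newlen`. It assumes a 64-bit `size_t`; `malloc_request`, `alloc_fails` and `classify` are hypothetical names, and the third sample length (past 32 bits) goes beyond the comment to show a general property of 32-bit length variables, not a claim about libtimidity.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

enum outcome { BUFFER_OK, APP_STOPS, BUFFER_TOO_SMALL };

/* Size malloc() receives when the needed length `want` is stored in a
 * 32-bit newlen first. Signed overflow is undefined in C; this models the
 * usual two's-complement wrap to a negative int. */
size_t malloc_request(uint64_t want, int newlen_is_signed)
{
    uint32_t low = (uint32_t)want;            /* bits a 32-bit newlen keeps */
    if (newlen_is_signed && low > (uint32_t)INT32_MAX)
        return (size_t)((int64_t)low - 4294967296LL); /* negative, sign-extended */
    return (size_t)low;
}

/* Hypothetical stand-in for the (p == NULL) check that comment 5 attributes
 * to safe_malloc; reports the failure instead of shutting the program down. */
int alloc_fails(size_t n)
{
    volatile size_t req = n;   /* keep the compiler from folding the size */
    void *p = malloc(req);
    if (p == NULL)
        return 1;
    free(p);
    return 0;
}

/* Outcome for one length. Requests above PTRDIFF_MAX cannot be satisfied,
 * so they are classified without touching the allocator. */
enum outcome classify(uint64_t want, int newlen_is_signed)
{
    size_t req = malloc_request(want, newlen_is_signed);
    if (req > (size_t)PTRDIFF_MAX)
        return APP_STOPS;
    return (uint64_t)req < want ? BUFFER_TOO_SMALL : BUFFER_OK;
}

int main(void)
{
    uint64_t lens[] = { 4096, 0x80000000ULL, 0x100000010ULL }; /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%llu: signed=%d unsigned=%d\n", (unsigned long long)lens[i],
               classify(lens[i], 1), classify(lens[i], 0));
    return 0;
}
```
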
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2009-06-06 19:10:51 UTC
I'll leave it entirely under your consideration (but the package can go stable either way), it's just a matter of how you'll post handle it.
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2009-06-06 19:11:54 UTC
libtimidity is used by FusionSound (which is used by DirectFB) and also media-sound/moc, nothing else in our tree is using it (unless there is automagic's)
Comment 8 Brent Baude (RETIRED) gentoo-dev 2009-06-16 19:19:18 UTC
ppc64 done
Comment 9 Samuli Suominen (RETIRED) gentoo-dev 2009-06-18 17:03:23 UTC
I guess the security flaw is too far-fetched.