Summary: | app-office/gnucash: stack smashing attack in function gnc_dense_cal_init | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | A. Person <tesoro302> |
Component: | New packages | Assignee: | GNOME Office (OBSOLETE) <gnome-office+disabled> |
Status: | RESOLVED NEEDINFO | ||
Severity: | normal | CC: | hardened, tschenturs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
A. Person
2008-04-28 12:51:40 UTC
Still happens. Any ideas? Grant I don't get this problem. Just out of curiosity: Do you get the same issue with a fresh and new file? It may be releated with your data file. HTH, Urs Of course input files shouldn't be able to cause stack smashing cases. Security bugs are usually compromised through the means of getting it have some input (data file or otherwise) that triggers it. you're absolutely right, of course Urs I switched from a hardened profile to 2008.0 and the problem has disappeared. Not sure if this bug should be closed. Regarding missing core dumps, it could be useful to check the hardened reports among #263681, #225563, #288419, #115285, #149292, #180451, #231225, #286587, #202582, #191005 and #219589 (In reply to comment #6) Sorry, I posted this into the wrong window. See bug #297467 Please try with gnucash-2.4 I could be wrong but I don't think I can switch to a hardened profile without reinstalling the system. Well sort of you don't need to reinstall but recompile: http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile +*gnucash-2.4.4 (15 Mar 2011) + + 15 Mar 2011; Pacho Ramos <pacho@gentoo.org> -gnucash-2.4.0.ebuild, + -files/gnucash-2.4.0-fix-tests-linking.patch, +gnucash-2.4.4.ebuild: + Version bump with a lot of bugfixes, remove old. + Please re-test with this |