Summary: | Midnight Commander: Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tobias Weisserth <tobias> |
Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | lanius |
Priority: | Highest | Flags: | klieber:
Pending-
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Tobias Weisserth
2004-03-28 02:26:42 UTC
Heinrich -- could you take a look at this? I think this has been fixed in MCs CVS on 16. Oct 2003, in revision 1.75 of direntry.c, look at: http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c I believe, this issue is not fixed in Portage, because I find nothing in Changelog and no patch in files/. It should be fixed in the latest test version, 4.6.1-pre1 (released December 24, 2003). I'm afraid that the development of mc is not the fastest and it could take some time until the next stable version is released. Either we wait or we could try to prepare a patch ourselves. Unfortunately I'm not experienced enough in programming (in C) so I don't dare to try this myself. The diff from 1.74 to the apparently fixed reversion 1.75 can be found here: http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.74&r2=1.75 The diff between 1.57 (contained in the last stable version, mc-4.6.0) and 1.75: http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.75&r2=1.57 -r5 contains a fix, marked stable adding herds and bumping priority. Herdfolk -- please test and mark stable on your arches. It is already stable on all archs, so it seems we should just test it. Just curious, who marked it stable on sparc? I see no changelog entry for the KEYWORD change. Nevertheless, it works on ppc. Removing from Cc. sorry, i marked it stable on all arches since the patch was fairly trivial >> sorry, i marked it stable on all arches since the patch was fairly trivial
Would be nice to mention this in the ChangeLog. Removing sparc, works fine.
glsa 200403-09 |