Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 73045 - app-misc/mc Several vulnerabilities (Vendor-Sec)
Summary: app-misc/mc Several vulnerabilities (Vendor-Sec)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2004-12-01 10:06 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2009-08-05 11:26 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-01 10:06:07 UTC
Vendor-Sec reports:

several problems have been fixed between version 4.5.55 and 4.6.0
of mc.  Andrew V. Samoilov picked out several ones for which the
corrections are attached.  It's not unlikely that there are more
problems but we'll probably fix these and then see whether more
problems pop up in the future.

  * Upstream CVS revision in angle brackets
  * Corrected format string problems [src/utilunix.c<1.38>,
    vfs/fish.c<1.96>, CAN-2004-1004]
  * Corrected buffer overflows [src/wtools.c<1.28>, src/utilunix.c<1.76>,
    src/boxes.c<1.54>, src/charsets.c<1.16>, CAN-2004-1005]
  * Applied upstream patch by Andrew V. Samoilov to prevent a buffer
    overflow [src/key.c<1.29>, CAN-2004-1005,]
  * Corrected an infinite loop [gtkedit/syntax.c, CAN-2004-1009]
  * Applied upstream patch by Andrew V. Samoilov <> to fix
    crash caused by a corrupted section header [src/profile.c<1.9>,
  * Applied upstream patch by Pavel Roskin <> to fix
    potential crash by null dereference when panalising an arbitrary
    directory [src/find.c<1.60>, CAN-2004-1091]
  * Check for return code when a temporary file is requested in case this
    fails, prevents freeing unallocated memory [gtkedit/editcmd.c,
  * Prevent crash by using already freed memory [src/key.c<1.32>,
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-12-01 10:54:54 UTC
We're at 4.6.0 level since August 2002... so I suppose we're safe ?
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-01 12:06:21 UTC
Closing, I must need more caffeine:-)