Alec Berryman
2006-May-15 13:34 UTC
[Secure-testing-team] Bug#340177: cscope: fix for CVE-2004-2541: "buffer overflows in parsing file names from #include statements"
Package: cscope
Version: 15.5+cvs20050816-1
Followup-For: Bug #340177

Upstream appears to have stalled on this issue because some cscope target
platforms do not have snprintf(). Debian has snprintf(), so this is not a
problem for us.

The attached patch CVE-2004-2541.diff converts sprintf() calls to
snprintf(). It applies and compiles, and when patched cscope no longer
segfaults when examining the attached CVE-2004-2541-test.c.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.16-alec-laptop
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages cscope depends on:
ii  libc6         2.3.6-7   GNU C Library: Shared libraries
ii  libncurses5   5.5-2     Shared libraries for terminal hand

cscope recommends no packages.

-- no debconf information

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2004-2541.diff
Type: text/x-c
Size: 10312 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060515/7614fc5a/CVE-2004-2541.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2004-2541-test.c
Type: text/x-c
Size: 1552 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060515/7614fc5a/CVE-2004-2541-test.bin
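
The sprintf()-to-snprintf() conversion described in the message above, applied to a file name parsed from an #include line. This is an added example, not the attached CVE-2004-2541.diff and not cscope's source; the function names and the PATHLEN size are hypothetical. It also checks the return value of snprintf() so that an over-long path is rejected instead of silently truncated.

```c
#include <stdio.h>
#include <string.h>

#define PATHLEN 250  /* assumed fixed buffer size, for illustration only */

/* Extract the file name from an #include line into name[namelen].
 * Returns 0 on success, -1 if the line is malformed or the name does not fit. */
int parse_include(const char *line, char *name, size_t namelen)
{
    const char *p = strstr(line, "#include");
    if (p == NULL)
        return -1;
    p += strlen("#include");
    while (*p == ' ' || *p == '\t')
        p++;
    char close = (*p == '"') ? '"' : (*p == '<') ? '>' : '\0';
    if (close == '\0')
        return -1;
    const char *end = strchr(++p, close);
    if (end == NULL)
        return -1;
    size_t len = (size_t)(end - p);
    if (len == 0 || len >= namelen)
        return -1;                  /* reject rather than truncate */
    memcpy(name, p, len);
    name[len] = '\0';
    return 0;
}

/* Join dir and name into dst[dstlen]. The unbounded form would be
 * sprintf(dst, "%s/%s", dir, name). Returns 0 on success, -1 if the
 * result would not fit (snprintf reports the length it needed). */
int build_include_path(char *dst, size_t dstlen, const char *dir, const char *name)
{
    int n = snprintf(dst, dstlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return 0;
}

int main(void)
{
    char name[PATHLEN], path[PATHLEN];
    const char *line = "#include \"util/list.h\"";  /* constructed sample */
    if (parse_include(line, name, sizeof name) == 0 &&
        build_include_path(path, sizeof path, "/usr/include", name) == 0)
        puts(path);
    return 0;
}
```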