[debian-mysql] Bug#882062: mariadb-10.1: fix-FTBFS-on-GNU-Hurd.patch introduces buffer overflow in mariabackup
James Cowgill
jcowgill at debian.org
Sat Nov 18 11:39:08 UTC 2017
Source: mariadb-10.1
Version: 10.1.26-1
Severity: important
Tags: patch security
Control: clone -1 -2
Control: reassign -2 mariadb-10.2 10.2.7-1
Control: retitle -2 mariadb-10.2: fix-FTBFS-on-GNU-Hurd.patch introduces buffer overflow in mariabackup
Hi,
As I mentioned in #879637 (message #12), the fix-FTBFS-on-GNU-Hurd.patch
Debian patch introduces a buffer overflow in mariabackup. Applying the
attached debdiff should fix it.
The bug does not affect mariadb-10.1 in stretch-security because it
doesn't include the fix-FTBFS-on-GNU-Hurd.patch patch.
Thanks,
James
-------------- next part --------------
diff -ur a/debian/patches/fix-FTBFS-on-GNU-Hurd.patch b/debian/patches/fix-FTBFS-on-GNU-Hurd.patch
--- a/debian/patches/fix-FTBFS-on-GNU-Hurd.patch 2017-11-16 15:24:36.000000000 +0000
+++ b/debian/patches/fix-FTBFS-on-GNU-Hurd.patch 2017-11-18 11:38:35.614785997 +0000
@@ -57,7 +57,7 @@
- parent[sizeof(parent) - 1] = 0;
+ parent = (char *)malloc(len);
+ strncpy(parent, pathname, len);
-+ parent[len] = 0;
++ parent[len - 1] = 0;
for (p = parent + strlen(parent);
!is_path_separator(*p) && p != parent; p--);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20171118/8fb326b7/attachment.sig>
More information about the pkg-mysql-maint
mailing list