Bug#693471: libcommoncpp2-dev: crash from buffer overflow
Tristan Matthews
tristan.matthews at savoirfairelinux.net
Fri Nov 16 20:45:43 UTC 2012
Package: libcommoncpp2-dev
Version: 1.7.3-1.1
Severity: important
Tags: patch
Dear Maintainer,
When using commoncpp2 on 64-bit systems (as SFLphone does), if gethostbyname
fails, libcommoncpp2 will cause a buffer overflow by doing an incorrect memset.
-- System Information:
Debian Release: wheezy/sid
APT prefers precise-updates
APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise'), (100, 'precise-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libcommoncpp2-dev depends on:
ii libccgnu2-1.7-0 1.7.3-1.1
ii libgcrypt11-dev [libgcrypt-dev] 1.5.0-3ubuntu0.1
ii libgnutls-dev 2.12.14-5ubuntu3.1
ii pkg-config 0.26-1ubuntu1
ii zlib1g-dev 1:1.2.3.4.dfsg-3ubuntu4
libcommoncpp2-dev recommends no packages.
Versions of packages libcommoncpp2-dev suggests:
pn libcommoncpp2-doc <none>
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: inaddr.patch
Type: text/x-diff
Size: 458 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20121116/440b2fe9/attachment.patch>
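
The report does not quote the faulty call, and the attached patch is not reproduced on this page. The C program below is an added illustration, not libcommoncpp2's code: it assumes one common way a memset overruns only on 64-bit builds, where the length is taken from the size of a pointer instead of the size of the object it points to. The helper name, arena and canary value are constructed for the example.

```c
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA  32      /* constructed: room after the in_addr to observe overrun */
#define CANARY 0xAA    /* constructed: marker byte for untouched memory */

/* Clear a struct in_addr that sits at the start of a canary-filled arena and
 * return how many bytes beyond the in_addr were overwritten by the clear. */
static size_t clobbered_after_clear(int use_pointer_size)
{
    union { struct in_addr a; unsigned char bytes[ARENA]; } u;
    struct in_addr *addr = &u.a;
    size_t len, i, hit = 0;

    memset(u.bytes, CANARY, sizeof u.bytes);

    /* Assumed faulty form: sizeof(addr) is the pointer size (8 on LP64).
     * Correct form: sizeof(*addr) is the object size (4). */
    len = use_pointer_size ? sizeof(addr) : sizeof(*addr);
    memset(addr, 0, len);

    /* Any non-canary byte past the object was written out of bounds
     * relative to a real 4-byte allocation. */
    for (i = sizeof(struct in_addr); i < ARENA; i++)
        if (u.bytes[i] != CANARY)
            hit++;
    return hit;
}

int main(void)
{
    printf("sizeof(struct in_addr) = %zu, sizeof(pointer) = %zu\n",
           sizeof(struct in_addr), sizeof(void *));
    printf("bytes overrun, object-sized clear:  %zu\n", clobbered_after_clear(0));
    printf("bytes overrun, pointer-sized clear: %zu\n", clobbered_after_clear(1));
    return 0;
}
```

On a 32-bit build both sizes are 4 and the two clears behave identically, which is why this kind of defect surfaces only after a move to amd64.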