Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-security

From: "Dominik Schäfer" <schaedpq@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier <- Gentoo ebuild affected?
Date: Fri, 26 Mar 2004 12:29:44
Message-Id: 40642212.3090102@gmx.de
In Reply to: [gentoo-security] Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier <- Gentoo ebuild affected? by Tobias Weisserth
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 > Is app-misc/mc-4.6.0-r3 or any other mc ebuild in Portage affected by
5 > the stack-based buffer overflow in vfs_s_resolve_symlink of
6 > vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier?
7 > I couldn't find any entry in bugs.gentoo.org. Shall I assume it has been
8 > fixed? How do I find out more?
9 I think this has been fixed in MCs CVS on 16. Oct 2003, in revision 1.75
10 of direntry.c, look at:
11 http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c
12 I think, this issue is not fixed in Portage, because I find nothing in
13 Changelog and no patch in files/.
14 It should be fixed in the latest test version, 4.6.1-pre1 (released
15 December 24, 2003). I'm afraid that the development of mc is not the
16 fasted and it could take some time until the next stable version is
17 released.
18 Either we wait or we could try to prepare a patch ourselves.
19 Unfortunately I'm not experienced enough in programming so I don't dare
20 to try this myself. The diff from 1.74 to the apparently fixed reversion
21 1.75 can be found here:
22 http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.74&r2=1.75
23 The diff between 1.57 (contained in the last stable version, mc-4.6.0)
24 and 1.75:
25 http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.75&r2=1.57
26 I don't know if you think, this issue is important enough, but if you do
27 and somebody has time...
28
29 Dominik
30 - --
31 Dominik Schäfer
32 Laerholzstr. 17-19
33 44801 Bochum
34 eMail: schaedpq@×××.de
35 -----BEGIN PGP SIGNATURE-----
36 Version: GnuPG v1.2.4 (GNU/Linux)
37 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
38
39 iD8DBQFAZCIRkR+5tbK98F8RAiBeAKCCWOY9GoqKAtZ3ok2yyviSCKzOqACfWTjI
40 4D2pLje102AD12Q5z4gVvFM=
41 =fci6
42 -----END PGP SIGNATURE-----
43
44
45 --
46 gentoo-security@g.o mailing list
Report Message
Find on MARC Find on Google Groups