1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
> Is app-misc/mc-4.6.0-r3 or any other mc ebuild in Portage affected by |
5 |
> the stack-based buffer overflow in vfs_s_resolve_symlink of |
6 |
> vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier? |
7 |
> I couldn't find any entry in bugs.gentoo.org. Shall I assume it has been |
8 |
> fixed? How do I find out more? |
9 |
I think this has been fixed in MCs CVS on 16. Oct 2003, in revision 1.75 |
10 |
of direntry.c, look at: |
11 |
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c |
12 |
I think, this issue is not fixed in Portage, because I find nothing in |
13 |
Changelog and no patch in files/. |
14 |
It should be fixed in the latest test version, 4.6.1-pre1 (released |
15 |
December 24, 2003). I'm afraid that the development of mc is not the |
16 |
fasted and it could take some time until the next stable version is |
17 |
released. |
18 |
Either we wait or we could try to prepare a patch ourselves. |
19 |
Unfortunately I'm not experienced enough in programming so I don't dare |
20 |
to try this myself. The diff from 1.74 to the apparently fixed reversion |
21 |
1.75 can be found here: |
22 |
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.74&r2=1.75 |
23 |
The diff between 1.57 (contained in the last stable version, mc-4.6.0) |
24 |
and 1.75: |
25 |
http://savannah.gnu.org/cgi-bin/viewcvs/mc/mc/vfs/direntry.c.diff?r1=1.75&r2=1.57 |
26 |
I don't know if you think, this issue is important enough, but if you do |
27 |
and somebody has time... |
28 |
|
29 |
Dominik |
30 |
- -- |
31 |
Dominik Schäfer |
32 |
Laerholzstr. 17-19 |
33 |
44801 Bochum |
34 |
eMail: schaedpq@×××.de |
35 |
-----BEGIN PGP SIGNATURE----- |
36 |
Version: GnuPG v1.2.4 (GNU/Linux) |
37 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
38 |
|
39 |
iD8DBQFAZCIRkR+5tbK98F8RAiBeAKCCWOY9GoqKAtZ3ok2yyviSCKzOqACfWTjI |
40 |
4D2pLje102AD12Q5z4gVvFM= |
41 |
=fci6 |
42 |
-----END PGP SIGNATURE----- |
43 |
|
44 |
|
45 |
-- |
46 |
gentoo-security@g.o mailing list |