Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

From: Nico Golde <debian-security+ml(at)ngolde.de>
Date: Sat Dec 08 2007 - 08:07:20 EST


Hi Steve,
* Steve Kemp <skx@debian.org> [2007-12-07 20:26]:
> On Fri Dec 07, 2007 at 18:41:35 +0100, Nico Golde wrote:
>
> > What about those, are they unimportant?
> > They are still present in the etch code. I stumbled
> > upon them while preparing a testing-security upload.
>
> Unknown. I used the patch provided by Theodore Tso, which he
> is/was planning on using for Sid/Ubuntu.

Oh ok.

> If there are missing bits then we'll need to reissue the update,
> but right now I believed the patch was as complete as it needed
> to be.

Ok, I am waiting for his reply, I attached my patch to the bug report in unstable. From what I see every multiplication with fs->blocksize needs to be checked, all of these are coming from the file system. Let's see what he does :)

http://people.debian.org/~nion/nmu-diff/e2fsprogs-1.40.2-1_1.40.2-1+lenny1.patch
FYI this is the patch I used for testing-security.
Cheers
Nico

-- 
Nico Golde - 
http://www.ngolde.de - 
nion(at)jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Received on Sat Dec 8 08:07:50 2007
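
The message above says every multiplication with fs->blocksize needs to be checked because the operands come from the file system. The following is an added example of that kind of check, not code from the post, from the linked patch or from e2fsprogs; the function names, the error codes and the accepted block-size range are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { SZ_OK = 0, SZ_BAD_BLOCKSIZE = 1, SZ_OVERFLOW = 2 };

/* Unchecked form: the 32-bit product of two image-supplied values wraps
 * silently, so the buffer ends up smaller than the caller believes. */
static uint32_t unchecked_bytes(uint32_t count, uint32_t blocksize)
{
    return count * blocksize;
}

/* Checked form: validate the block size, then refuse a product that does
 * not fit in 32 bits. The bounds (power of two, 1 KiB to 64 KiB) are
 * assumptions for this example. */
static int checked_bytes(uint32_t count, uint32_t blocksize, uint32_t *out)
{
    if (blocksize < 1024 || blocksize > 65536 ||
        (blocksize & (blocksize - 1)) != 0)
        return SZ_BAD_BLOCKSIZE;
    if (count > UINT32_MAX / blocksize)
        return SZ_OVERFLOW;
    *out = count * blocksize;
    return SZ_OK;
}

/* Allocate a zeroed buffer for `count` blocks, or return NULL with *err set. */
static void *alloc_blocks(uint32_t count, uint32_t blocksize, int *err)
{
    uint32_t bytes = 0;
    *err = checked_bytes(count, blocksize, &bytes);
    if (*err != SZ_OK || bytes == 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed values: 0x00400001 blocks of 4096 bytes wraps to 4096. */
    uint32_t count = 0x00400001u, bs = 4096u;
    int err;
    void *p = alloc_blocks(count, bs, &err);
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_bytes(count, bs));
    printf("checked alloc: %s (err=%d)\n", p ? "ok" : "refused", err);
    free(p);
    return 0;
}
```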
