[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Pan-devel] Re: Buffer overflow in pan when parsing .nzb files

From: Duncan
Subject: [Pan-devel] Re: Buffer overflow in pan when parsing .nzb files
Date: Thu, 29 May 2008 07:30:12 +0000 (UTC)
User-agent: Pan/0.132 (Waxed in Black)

Pavel Polischouk
<address@hidden> posted
address@hidden, excerpted below, on  Wed, 28 May 2008 23:12:22

> I discovered a heap overflow in pan 0.132, part of the code reading .nzb
> files (either from tasks.nzb or elsewhere). Usually it results in
> assertion failure, but in certain cases might lead to segmentation
> fault, arbitrary code execution shouldn't be ruled out either.

> The bug is tracked in RedHat bugzilla for Fedora 9:
> There are some stack
> traces from failed assertion and segmentation faults caused by this bug,
> as well as some trigger .nzb files attached to that bugzilla entry.
> The proposed patch:
> Signed-off by: Pavel Polischouk
> <address@hidden>

Thanks.  It's now filed in gnome/pan's buzilla, and since I'm a Gentoo 
user, I've filed a bug there as well.

To keep the info together, here's the URL for the CVE entry you filed as 
well, altho currently all it says is "reserved".

Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

reply via email to

[Prev in Thread] Current Thread [Next in Thread]