[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Pan-devel] Re: Buffer overflow in pan when parsing .nzb files

From: darren
Subject: Re: [Pan-devel] Re: Buffer overflow in pan when parsing .nzb files
Date: Thu, 29 May 2008 05:42:56 -0700
User-agent: RoundCube Webmail/0.1-rc2

On Thu, 29 May 2008 07:30:12 +0000 (UTC), Duncan <address@hidden>
> Pavel Polischouk
> <address@hidden> posted
> address@hidden, excerpted below, on  Wed, 28 May 2008
> -0400:
>> I discovered a heap overflow in pan 0.132, part of the code reading .nzb
>> files (either from tasks.nzb or elsewhere). Usually it results in
>> assertion failure, but in certain cases might lead to segmentation
>> fault, arbitrary code execution shouldn't be ruled out either.
>> The bug is tracked in RedHat bugzilla for Fedora 9:
>> There are some stack
>> traces from failed assertion and segmentation faults caused by this bug,
>> as well as some trigger .nzb files attached to that bugzilla entry.
>> The proposed patch:
>> Signed-off by: Pavel Polischouk
>> <address@hidden>
> Thanks.  It's now filed in gnome/pan's buzilla, and since I'm a Gentoo
> user, I've filed a bug there as well.
> To keep the info together, here's the URL for the CVE entry you filed as
> well, altho currently all it says is "reserved".
> --
> Duncan - List replies preferred.   No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master."  Richard Stallman

Bug report filed in Launchpad for Ubuntu and I am heading to Debian's
bugtracker now to file it there as well.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]