[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-devel:14847] Re: jgroff: printf format attack

From: Fumitoshi UKAI <ukai@debian.or.jp>
Subject: [debian-devel:14847] Re: jgroff: printf format attack
Date: Mon, 21 Jan 2002 02:23:13 +0900
Organization: Debian JP Project
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-devel-ctl@debian.or.jp; help=<mailto:debian-devel-ctl@debian.or.jp?body=help>
X-ml-name: debian-devel
X-mlserver: fml [fml 3.0pl#17]; post only (anyone can post)
References: <20020121.002258.71081472.05@xxxxxxxxxxxxxxx>
Message-id: <877kqdlyxg.wl@xxxxxxxxxxxxxxx>
X-mail-count: 14847
User-agent: Wanderlust/2.8.1 (Something) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (Unebigory�mae) APEL/10.3 Emacs/21.1 (i386-debian-linux-gnu) MULE/5.0 (SAKAKI)

I just NMU jgroff_1.15+ja-3.3 (backported from groff_1.15.2-3)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.6
Date: Mon, 21 Jan 2002 01:56:35 +0900
Source: jgroff
Binary: jgroff
Architecture: source i386
Version: 1.15+ja-3.3
Distribution: stable
Urgency: high
Maintainer: Fumitoshi UKAI <ukai@debian.or.jp>
Description: 
 jgroff     - GNU troff text-formatting system (Japanese Extended).
Closes: 129374
Changes: 
 jgroff (1.15+ja-3.3) stable; urgency=high
 .
   * NMU security updates
    - sync with groff_1.15.2-3, closes: Bug#129374
Files: 
 3a6d19923575cf01f415c8b4e4231aa9 601 text extra jgroff_1.15+ja-3.3.dsc
 2469f783a3c4dcfe5c16473c9fb2f537 14320 text extra jgroff_1.15+ja-3.3.diff.gz
 8738ce9fd7ee1e2602c66b7e06b89ff9 1563452 text extra jgroff_1.15+ja-3.3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: KUHASIKU WA http://www.gnupg.org/ WO GORANKUDASAI

iD8DBQE8Svlz9D5yZjzIjAkRAixVAJ9sJqbaU9gAYxLPwbeDS5JI4S9EDwCfb0mW
1850afkMfMhoYU+EcaxpumY=
=iI5S
-----END PGP SIGNATURE-----


At Mon, 21 Jan 2002 00:25:45 +0900,
Tatsuya Kinoshita wrote:

> I found a security problem of potato's `jgroff' package on the
> `Omoikane GNU/Linux' security information page.
> 
> (`jgroff' is a Japanese extended `groff'.  Woody's `groff' has
> merged it.  `Omoikane GNU/Linux' is a Debian based distribution.)
> 
> I sent a bug report to the BTS last Wednesday, but I have heard
> nothing from the package maintainer yet.
> 
> Please check Bug#129374:
> 
> > Debian potato's jgroff 1.15+ja-3.2 has the same problem as DSA-072-1.
> > 
> >   DSA-072-1 groff: printf format attack
> >   http://www.debian.org/security/2001/dsa-072
> > 
> >   Omoikane GNU/Linux security information (in Japanese)
> >   http://www.omoikane.co.jp/security.html
> > 
> > This has been fixed in the Omoikane GNU/Linux updates:
> > 
> >   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1.diff.gz
> >   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1.dsc
> >   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1_i386.changes
> >   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1_i386.deb
> 
> -- 
> Tatsuya Kinoshita
> 
> 
>

References:
- [debian-devel:14846] jgroff: printf format attack
  - From: Tatsuya Kinoshita

Prev by Date: [debian-devel:14846] jgroff: printf format attack
Next by Date: [debian-devel:14848] Unanswered problem reports by maintainer and package
Previous by thread: [debian-devel:14846] jgroff: printf format attack
Next by thread: [debian-devel:14848] Unanswered problem reports by maintainer and package
Index(es):
- Date
- Thread