Message-ID: <email address hidden>
Date: Thu, 6 Jan 2005 16:49:21 +0100
From: Martin Schulze <email address hidden>
To: Moritz Muehlenhoff <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: [patch] KDE ftp kioslave applies to woody as well
Moritz Muehlenhoff wrote:
> Hi,
> this applies to woody as well. Attached you can find the backported upstream
> patch against 2.2.2. BTW, this is CAN-2004-1165.
>
> Cheers,
> Moritz
> diff -Naur kdelibs- 2.2.2.orig/ kio/ftp/ ftp.cc kdelibs- 2.2.2/kio/ ftp/ftp. cc 2.2.2.orig/ kio/ftp/ ftp.cc Wed Jan 5 12:29:07 2005 2.2.2/kio/ ftp/ftp. cc Wed Jan 5 12:28:25 2005 _ACTION, m_host );
> --- kdelibs-
> +++ kdelibs-
> @@ -596,6 +596,14 @@
> {
> assert( sControl > 0 );
>
> + if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
> + {
> + kdWarning(7102) << "Invalid command received (contains CR or LF): "
> + << cmd.data() << endl;
> + error( ERR_UNSUPPORTED
> + return false;
> + }
> +
> QCString buf = cmd;
> buf += "\r\n";
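Review bot: The kdWarning(7102) call in the new check writes the rejected command verbatim through cmd.data(), and by the condition just above it that string contains a CR or LF, so the warning itself is split across lines in the debug output; log an escaped form of the command, or only its length, instead. The check is placed directly before buf += "\r\n", where the command terminator is appended, and a short comment there saying that an embedded CR or LF would end the command early and start a second one on the control connection would document why the test exists. In this copy the error( ERR_UNSUPPORTED line is cut off, so the arguments passed to error() cannot be reviewed from what is shown.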
Thanks, that was on my agenda as well. Working on it now.
Please
. update the package in sid
. mention the CVE id from the subject in the changelog
. tell me the version number of the fixed package
. use priority=high
. no need to upload into sarge directly, except the version in
sid is not meant to go into testing
Regards,
Joey
--
Let's call it an accidental feature. -- Larry Wall