2012-04-26 14:55:36 |
Serge Hallyn |
bug |
|
|
added bug |
2012-04-26 14:55:46 |
Serge Hallyn |
lxc (Ubuntu): assignee |
|
Serge Hallyn (serge-hallyn) |
|
2012-04-26 14:55:50 |
Serge Hallyn |
lxc (Ubuntu): importance |
Undecided |
High |
|
2012-04-26 14:55:53 |
Serge Hallyn |
lxc (Ubuntu): status |
New |
In Progress |
|
2012-04-26 17:14:22 |
Serge Hallyn |
nominated for series |
|
Ubuntu Precise |
|
2012-04-26 17:14:22 |
Serge Hallyn |
bug task added |
|
lxc (Ubuntu Precise) |
|
2012-04-26 17:19:14 |
Serge Hallyn |
description |
Some code in liblxc calls sprintf, or doesn't check return values of snprintf. Find and fix those. |
==============================
SRU Justification:
Impact: callers of liblxc (like lxc-ip) can easily get buffer overruns
Stable fix: will be same as development fix
Development fix: Change all sprintf calls to snprintf, and check all snprintf return values
which can possibly overrun
Test case: call lxc-info with a 300 character container name?
Regression potential: If this code is not converted correctly, regular container
usage can be broken. The lxc testsuite is being run to make sure there are no
regressions with regular container creation and startup.
==============================
Some code in liblxc calls sprintf, or doesn't check return values of snprintf. Find and fix those. |
|
2012-04-26 17:36:31 |
Serge Hallyn |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2012-04-26 17:37:08 |
Serge Hallyn |
bug |
|
|
added subscriber Francesco Banconi |
2012-04-26 17:44:04 |
Serge Hallyn |
bug |
|
|
added subscriber Daniel Lezcano |
2012-04-26 17:44:15 |
Serge Hallyn |
lxc (Ubuntu Precise): importance |
Undecided |
High |
|
2012-04-26 17:45:46 |
Serge Hallyn |
description |
==============================
SRU Justification:
Impact: callers of liblxc (like lxc-ip) can easily get buffer overruns
Stable fix: will be same as development fix
Development fix: Change all sprintf calls to snprintf, and check all snprintf return values
which can possibly overrun
Test case: call lxc-info with a 300 character container name?
Regression potential: If this code is not converted correctly, regular container
usage can be broken. The lxc testsuite is being run to make sure there are no
regressions with regular container creation and startup.
==============================
Some code in liblxc calls sprintf, or doesn't check return values of snprintf. Find and fix those. |
==============================
SRU Justification:
Impact: callers of liblxc (like lxc-ip) can easily get buffer overruns
Stable fix: will be same as development fix
Development fix: Change all sprintf calls to snprintf, and check all snprintf return values
which can possibly overrun
Test case: call lxc-info with a 300 character container name?
Regression potential: If this code is not converted correctly, regular container
usage can be broken. The lxc testsuite was run to make sure there are no
regressions with regular container creation and startup. (see
lp:~serge-hallyn/+junk/lxc-test)
==============================
Some code in liblxc calls sprintf, or doesn't check return values of snprintf. Find and fix those. |
|
2012-04-27 11:37:13 |
Martin Pitt |
lxc (Ubuntu Precise): status |
New |
Fix Committed |
|
2012-04-27 11:37:15 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
2012-04-27 11:37:17 |
Martin Pitt |
tags |
|
verification-needed |
|
2012-04-28 11:12:17 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/lxc |
|
2012-04-28 14:28:41 |
Martin Pitt |
tags |
verification-needed |
verification-done |
|
2012-04-30 13:28:20 |
Launchpad Janitor |
lxc (Ubuntu): status |
In Progress |
Fix Released |
|
2012-04-30 13:49:19 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lxc |
|
2012-05-04 04:02:19 |
Launchpad Janitor |
lxc (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|