Changelog
mixmaster (3.0b2-5ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Added patch to use lsb functions in init file by David Mandelberg
mixmaster (3.0b2-5) unstable; urgency=high
* Backport a fix from upstream:
In two functions in keymgt.c we had allocated a buffer of 33 bytes
when if fact we were using one more - 34 - bytes. This buffer
overflow is exposed when building with gcc 4.x, it never was exposed
with previous compilers because they apparently layed out the stack
differently.
The result of this buffer overflow is that a single 0-byte will be
written at the end of the buffer. At that position on the stack
there is (at least in the previous build) a saved local variable
from a calling function. This local variable is a pointer to a
BUFFER struct and this pointer has its least significant byte
set to zero.
This prevents mixmaster from properly decrypting incoming type2
messages. It's not likely that this can be exploited to execute
arbitrary code, tho evidence or argument to the contrary are of course
welcome.
Upstream patch:
http://svn.noreply.org/cgi-bin/viewcvs.cgi/trunk/Mix/Src/keymgt.c?rev=929&r1=766&r2=929
Closes: #418662
Thanks to Hauke Lampe and Colin Tuckley.
-- Stephan Hermann <email address hidden> Sun, 6 May 2007 16:27:55 +0200
