Ubuntu
supybot package

math.calc can crash the computer where the bot is running

Bug #996950 reported by Aminda Suomalainen
270
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu IRC Bots
Invalid
Undecided
Unassigned
supybot (Debian)
Fix Released
Unknown
supybot (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

With specific calcutations, math.calc command can crash the bot and computer where it's running.
Example command:
!math calc factorial(999999)

This bug has been fixed at least in fork Limnoria, https://github.com/ProgVal/Limnoria/

Revision history for this message
Aminda Suomalainen (mikaela) wrote :

Oh, and I forgot to mention that Supybot upstream is dead.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in supybot (Ubuntu):
status: New → Confirmed
Aminda Suomalainen (mikaela)
security vulnerability: no → yes
Revision history for this message
Aminda Suomalainen (mikaela) wrote :

This issue affects ubotufr, which seems to be part of ubuntu-bots. I have just tested this.

Revision history for this message
m4v (m4v) wrote :

well, ubotu-fr doesn't have math loaded, is in the code due to being forked from supybot, but it isn't used in the ubotu-fr instance.

Revision history for this message
Aminda Suomalainen (mikaela) wrote : Re: [Bug 996950] Re: math.calc can crash the computer where the bot is running

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

09.05.2012 18:08, m4v kirjoitti:
> well, ubotu-fr doesn't have math loaded, is in the code due to
> being forked from supybot, but it isn't used in the ubotu-fr
> instance.
>

Oh, I didn't even think about uBOTu-fr as running bot. I was only
talking about the source.

- --
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||

[This signature](https://gist.github.com/2643070) ||
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqot+AAoJEE21PP6CpGcolqAP/3IcbNwhrfyKeM/S41C/wLXl
ErmkNy5zEDGDB942z5H0fFlXSJ4bKuF2MINIIG7VX4QRpdSRbldW4U8v05BSK1Sm
0JgXVCNz03aTivuORgT6Phi24FNqOSSgsV3dW5RxzBgYSVVqGuLGRkdVr57JJ4Jd
R2Zyo03WMaufbYhwSWzYWUqF8emkO77B84WzaJllKa080eU49/1gwx9yVSwL/EuW
aGkcSwGroe7X48PzsIqH7hmT4ee1lOkQCalkCqkwTCZeapbUAbDNXZSjnpvk6tPb
pXDOK4hJGaIsBhC94jQ2TYhavziUfkPzqyZiT+z1t/kYIsOVKMY4VIMfsU30vtmD
ekRzaxsYftlI8cCrqulrjkp9QsKmJTRqGR8TngbPAz+ihuoEHNyEkZHE5NxiMVlt
LCmj75wUzPT4x4e4t3l6i8zs7u3klAx3jA6ymNK4Db/vSX6tK3cLFIQ06vU7d4rR
EAhLYkg7GiolJGg9ipTQnJtxn4eryZKWPrLzrOqBVJWIQctqQhdrx7+Y+hzTfCBp
FAan/TN8uT7+U9dCj4bgmB/X13+ADTsVUqMxE/vsRF5oh9x+50TgUx6UNZ/9Jc/D
7lfugI26Y9cDqwSKQrVBgeCVWzD7TgqcTGq5L9XgeVcc6wjV3bdu18GQT/cQvhXs
MBr+tJ3k+ZUMXqubO8/3
=t5mE
-----END PGP SIGNATURE-----

Bug Watch Updater (bug-watch-updater)
Changed in supybot (Debian):
status: Unknown → New
m4v (m4v)
Changed in ubuntu-bots:
status: New → Invalid
Revision history for this message
Aminda Suomalainen (mikaela) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

09.05.2012 19:35, m4v kirjoitti:
> ** Changed in: ubuntu-bots Status: New => Invalid
>

Has Ubotu-fr moved out of Ubuntu-bots? Last time when I checked, it
was part of Ubuntu-bots.

- --
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||

[This signature](https://gist.github.com/2643070) ||
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqqGGAAoJEE21PP6CpGcopakP/3e9Fd8sVjm5flg1NGJfL9NZ
E9cneyCZ3L193dPI7qDW7OWZSrw1m5AMQUPr5H6BoI3FXFynA7AR4+8Fc++S4Oby
2LnRjNYXek58tpeVt+pmRBggM/L7cwqxQtIFacI+w9HLqcsylyI73Ubccq7ZYkCB
05FOBP1jSPqPUxjS2/2vI2PhDuGQkjp5/Ge1+ZpSkvDBmcAq9KWRim7Esaljnw6E
39zywZWQgN0ljJGutMKO+IeUom3EH/tdQOD9KeACJ1BsQ+9kLTWzeLCbgD71ERM6
EePyBGAdJ+b7WC8pnRaffYdy6U0nCEuLjJzhJIWybhML1OPGSoqBOfZ33xcaROwK
Yloww5vsTeQ0EIVIpa2/UEz2O1biw5sHO09QYV6lkbEAk1SRWIW70DYvlp4p5N0H
U1H3pnwl4Gsj9pUpKB1PjTSW0GWpgyRKlCS5evFX02D49wjamp0bAjE7Of0x+CUT
b6xNvngOVv8kWqZwMYjj1fm5OrPa1FIM6tgGwYCXXqc/NFJ6eDnvQEZ2W/q52IR8
79zDxj/yGoWXs/fP9ooZFd9NBrK6UYhDnyJVtwgPT6SqzaeaUrdR2EXWwh+l4Fqw
Y4IvSFeQfrFVlsDJN3h2wmaPaGEojFlCq5rmcNYPWP3qawK2CC6yi+b/D6sEa+7j
hmUuDgBZYoAbrwSGRJzT
=J150
-----END PGP SIGNATURE-----

Bug Watch Updater (bug-watch-updater)
Changed in supybot (Debian):
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in supybot (Debian):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.