 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev- | Prev- | Debian- | Sep- | Next- | Next- |
| Subject: | t1lib security flaw: CVE-2007-4033/#439927 |
| Group: | Debian-security |
| From: | Artur R. Czechowski |
| Date: | 16 Sep 2007 |
forwarded 439927 rainer.menzner
tag 439927 patch confirmed upstream
severity 439927 serious
found 439927 5.1.0-2
thanks
Hi,
The t1lib 5.1.0 available in Debian (either etch as lenny and sid[1]) is
vulnerable to CVE-2007-4033 security flaw.
Upstream version 5.1.1 is vulnerable too. Upstream has been informed
about the issue.
I attached a patch solving the issue.
Best regards
Artur
[1] sarge probably too, I didn't check it.
--
Po co mamy ze sob± rozmawiać, skoro tak łatwo się komunikować?
/Jean Baudrillard/
--- t1env.c.orig 2007-09-16 19:56:38.319184208 +0200
+++ t1env.c 2007-09-16 20:05:02.057070439 +0200
@@ -611,6 +611,12 @@
#endif
strcat( pathbuf, DIRECTORY_SEP);
/* And finally the filename: */
+ /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
+ let's try next pathbuf */
+ if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
+ i++;
+ continue;
+ }
strcat( pathbuf, StrippedName);
/* Check for existence of the path: */
| Prev- | Prev- | Debian- | Sep- | Next- | Next- |