Accepted mixmaster 3.0b2-5ubuntu1 (source)
Stephan Hermann
sh at sourcecode.de
Sun May 6 15:35:16 BST 2007
Accepted:
OK: mixmaster_3.0b2-5ubuntu1.dsc
-> Component: universe Section: mail
OK: mixmaster_3.0b2-5ubuntu1.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 6 May 2007 16:27:55 +0200
Source: mixmaster
Binary: mixmaster
Architecture: source
Version: 3.0b2-5ubuntu1
Distribution: gutsy
Urgency: high
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Stephan Hermann <sh at sourcecode.de>
Description:
mixmaster - Anonymous remailer client and server
Closes: 418662
Changes:
mixmaster (3.0b2-5ubuntu1) gutsy; urgency=low
.
* Merge from Debian unstable. Remaining Ubuntu changes:
- Added patch to use lsb functions in init file by David Mandelberg
.
mixmaster (3.0b2-5) unstable; urgency=high
.
* Backport a fix from upstream:
In two functions in keymgt.c we had allocated a buffer of 33 bytes
when in fact we were using one more - 34 - bytes. This buffer
overflow is exposed when building with gcc 4.x, it never was exposed
with previous compilers because they apparently laid out the stack
differently.
The result of this buffer overflow is that a single 0-byte will be
written at the end of the buffer. At that position on the stack
there is (at least in the previous build) a saved local variable
from a calling function. This local variable is a pointer to a
BUFFER struct and this pointer has its least significant byte
set to zero.
This prevents mixmaster from properly decrypting incoming type2
messages. It's not likely that this can be exploited to execute
arbitrary code, though evidence or argument to the contrary are of course
welcome.
Upstream patch:
http://svn.noreply.org/cgi-bin/viewcvs.cgi/trunk/Mix/Src/keymgt.c?rev=929&r1=766&r2=929
Closes: #418662
Thanks to Hauke Lampe and Colin Tuckley.
Files:
32d201397d8c077f751ab37431af17a8 736 mail optional mixmaster_3.0b2-5ubuntu1.dsc
b88038491dea3fd4445e0811d5d0210d 36545 mail optional mixmaster_3.0b2-5ubuntu1.diff.gz
Original-Maintainer: Peter Palfrader <weasel at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGPeYTwYnnM8CY76gRAiP6AJ4lq2SuL3Qs7IrJiMnuFI9BKy2jKQCdF/Ur
r66/SNluImdW/jAumPvuKV4=
=YNoN
-----END PGP SIGNATURE-----
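The off-by-one described in the changelog, as an added example that is not part of the original message and is not mixmaster's keymgt.c code: a byte-array model of a stack frame in which a 33-byte buffer is directly followed by a saved pointer, showing the terminating 0 byte clearing the pointer's least significant byte, the 34-byte size leaving it intact, and a length check that rejects the write. The frame layout (little-endian, 64-bit pointer immediately after the buffer), all names, and the pointer value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { DATA_LEN = 33, PTR_LEN = 8, FRAME_MAX = 64 };

/* Constructed model of a stack frame: bytes[0..buf_size) is the local
 * buffer; the caller's saved pointer follows it, stored little-endian. */
struct frame { unsigned char bytes[FRAME_MAX]; size_t buf_size; };

static void frame_init(struct frame *f, size_t buf_size, uint64_t saved_ptr) {
    memset(f->bytes, 0xAA, sizeof f->bytes);
    f->buf_size = buf_size;
    for (int i = 0; i < PTR_LEN; i++)
        f->bytes[buf_size + i] = (unsigned char)(saved_ptr >> (8 * i));
}

static uint64_t frame_saved_ptr(const struct frame *f) {
    uint64_t v = 0;
    for (int i = 0; i < PTR_LEN; i++)
        v |= (uint64_t)f->bytes[f->buf_size + i] << (8 * i);
    return v;
}

/* Writes DATA_LEN bytes plus a terminating 0 byte. With check != 0 it
 * refuses (returns -1) unless data and terminator both fit the buffer. */
static int frame_write(struct frame *f, int check) {
    if (check && (size_t)DATA_LEN + 1 > f->buf_size) return -1;
    memset(f->bytes, 'k', DATA_LEN);   /* constructed payload */
    f->bytes[DATA_LEN] = 0;            /* byte 34: the terminator */
    return 0;
}

/* Saved pointer as the caller sees it after an unchecked write. */
uint64_t ptr_after_write(size_t buf_size, uint64_t saved_ptr) {
    struct frame f;
    frame_init(&f, buf_size, saved_ptr);
    frame_write(&f, 0);
    return frame_saved_ptr(&f);
}
/* Result of the length-checked write for a given buffer size. */
int checked_write(size_t buf_size) {
    struct frame f;
    frame_init(&f, buf_size, 0);
    return frame_write(&f, 1);
}
int main(void) {
    uint64_t p = 0x00007ffd12345678ULL;   /* constructed pointer value */
    printf("%#llx\n", (unsigned long long)ptr_after_write(33, p));
    return checked_write(34);
}
```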