[Bug 58828] Please sync capi4hylafax (universe) from unstable (main)

Martin Pitt martin.pitt at ubuntu.com
Mon Sep 4 10:18:10 BST 2006


Public bug reported:

 affects distros/ubuntu/capi4hylafax
 status confirmed
 subscribe ubuntu-archive

Please sync capi4hylafax (universe) from Debian unstable (main).

Changelog since current edgy version 1:01.03.00.99.svn.297-3:

capi4hylafax (1:01.03.00.99.svn.300-3) unstable; urgency=high

  * Sigh. 1:01.03.00.99.svn.300-2 was still subtly broken: An invalid TSI
    string crashes the c2faxrecv daemon. Hopefully fixed now.
  * Also fix CVE-2006-3126 in mgetty mode.

 -- Lionel Elie Mamane <lmamane at debian.org>  Sat, 26 Aug 2006 12:42:12 +0200

capi4hylafax (1:01.03.00.99.svn.300-2) unstable; urgency=low

  * Fix bug #382474 in a way that doesn't break the whole program's
    functionality.

 -- Lionel Elie Mamane <lmamane at debian.org>  Thu, 24 Aug 2006 18:34:29 +0200

capi4hylafax (1:01.03.00.99.svn.300-1) unstable; urgency=low

  * New upstream release:
    - Fix for #358567 taken upstream
    - Fix for long (> 200 chars) lines in config files
    - Higher debugging level
  * Bumped up Standards-Version

 -- Lionel Elie Mamane <lmamane at debian.org>  Wed, 23 Aug 2006 23:15:32 +0200

capi4hylafax (1:01.03.00.99.svn.297-4) UNRELEASED; urgency=high

  * Don't let null characters from cidnumber prematurely terminate C
    string preparing command line for faxrcvd in c2faxrecv
    (closes: #382474). This is CVE-2006-3126.
    Also remove shell metacharacters while I'm at it. This probably fixes
    a security vulnerability (arbitrary remote command execution under
    uucp identity): the said command line contains untrusted
    sender-controlled data, the sender's identification (the TSI
    string). (The ITU T.30 specification restricts this string to a prefix
    '+' and digits only, but rumour has it an attacker can transmit
    arbitrary ASCII data, including null characters.)

 -- Lionel Elie Mamane <lmamane at debian.org>  Wed, 23 Aug 2006 22:59:49 +0200



** Affects: capi4hylafax (Ubuntu)
     Importance: Untriaged
         Status: Confirmed

-- 
Please sync capi4hylafax (universe) from unstable (main)
https://launchpad.net/bugs/58828
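
The 1:01.03.00.99.svn.297-4 changelog entry quoted above concerns a sender-controlled TSI string that may carry null characters and shell metacharacters into a command line. The following is an added example, not part of the original message and not capi4hylafax's code: a length-aware allow-list filter that keeps only the '+' prefix and digits the changelog attributes to ITU T.30. The name `sanitize_tsi` is hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not capi4hylafax code: turn a length-delimited TSI
 * as received from the wire into a C string that is safe to pass on.
 * Allow-list: digits, plus one '+' as the first kept character.
 * Returns the number of characters written (excluding the terminator). */
size_t sanitize_tsi(const unsigned char *raw, size_t raw_len,
                    char *out, size_t out_size)
{
    size_t n = 0;

    if (out == NULL || out_size == 0)
        return 0;
    /* Walk the full received length; never stop at the first NUL. */
    for (size_t i = 0; raw != NULL && i < raw_len && n + 1 < out_size; i++) {
        unsigned char c = raw[i];

        if (c >= '0' && c <= '9')
            out[n++] = (char)c;
        else if (c == '+' && n == 0)
            out[n++] = '+';
        /* Everything else is dropped: NUL bytes, whitespace, quotes and
         * shell metacharacters never reach the output. */
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: an embedded NUL followed by shell metacharacters. */
    static const unsigned char raw[] = "+49 30\0;|&12345";
    char tsi[32];
    size_t n = sanitize_tsi(raw, sizeof raw - 1, tsi, sizeof tsi);

    /* strlen() stops at the embedded NUL, which is how string-based
     * handling loses track of the bytes that follow it. */
    printf("strlen sees %zu of %zu bytes; sanitized: %s (%zu chars)\n",
           strlen((const char *)raw), sizeof raw - 1, tsi, n);
    return 0;
}
```
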


