[Bug 58828] Please sync capi4hylafax (universe) from unstable (main)
Martin Pitt
martin.pitt at ubuntu.com
Mon Sep 4 10:18:10 BST 2006
Public bug reported:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects distros/ubuntu/capi4hylafax
status confirmed
subscribe ubuntu-archive
Please sync capi4hylafax (universe) from Debian unstable (main).

Changelog since current edgy version 1:01.03.00.99.svn.297-3:

capi4hylafax (1:01.03.00.99.svn.300-3) unstable; urgency=high

  * Sigh. 1:01.03.00.99.svn.300-2 was still subtly broken: An invalid TSI
    string crashes the c2faxrecv daemon. Hopefully fixed now.
  * Also fix CVE-2006-3126 in mgetty mode.

 -- Lionel Elie Mamane <lmamane at debian.org>  Sat, 26 Aug 2006 12:42:12 +0200

capi4hylafax (1:01.03.00.99.svn.300-2) unstable; urgency=low

  * Fix bug #382474 in a way that doesn't break the whole program's
    functionality.

 -- Lionel Elie Mamane <lmamane at debian.org>  Thu, 24 Aug 2006 18:34:29 +0200

capi4hylafax (1:01.03.00.99.svn.300-1) unstable; urgency=low

  * New upstream release:
    - Fix for #358567 taken upstream
    - Fix for long (> 200 chars) lines in config files
    - Higher debugging level
  * Bumped up Standards-Version

 -- Lionel Elie Mamane <lmamane at debian.org>  Wed, 23 Aug 2006 23:15:32 +0200

capi4hylafax (1:01.03.00.99.svn.297-4) UNRELEASED; urgency=high

  * Don't let null characters from cidnumber prematurely terminate C
    string preparing command line for faxrcvd in c2faxrecv
    (closes: #382474). This is CVE-2006-3126.
    Also remove shell metacharacters while I'm at it. This probably fixes
    a security vulnerability (arbitrary remote command execution under
    uucp identity): the said command line contains untrusted
    sender-controlled data, the sender's identification (the TSI
    string). (The ITU T.30 specification restricts this string to a prefix
    '+' and digits only, but rumour has it an attacker can transmit
    arbitrary ASCII data, including null characters.)

 -- Lionel Elie Mamane <lmamane at debian.org>  Wed, 23 Aug 2006 22:59:49 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFE+++eDecnbV4Fd/IRAo1rAKDaTK9SwbMRABojLx2Yymb6WrOg7QCfZRwu
O9lovWIygzvsq6ZlqP9oZ+E=
=+FN3
-----END PGP SIGNATURE-----
** Affects: capi4hylafax (Ubuntu)
Importance: Untriaged
Status: Confirmed
--
Please sync capi4hylafax (universe) from unstable (main)
https://launchpad.net/bugs/58828
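
The 297-4 changelog entry above describes sender-controlled TSI data, possibly containing null characters and shell metacharacters, ending up in a command line. The following is an added example, not code from capi4hylafax or from this bug report: `sanitize_tsi` is a hypothetical helper that applies an allowlist (a leading '+' and digits, the restriction the changelog attributes to T.30), which is stricter than removing metacharacters. The buffer size and sample bytes are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from capi4hylafax): copy a received TSI buffer of
 * raw_len bytes into out, keeping only a leading '+' and ASCII digits.
 * The length is passed explicitly, so an embedded NUL byte cannot hide the
 * rest of the buffer from the filter the way strlen()/strcpy() would.
 * Returns the number of bytes dropped (filtered out or truncated), or -1 if
 * the arguments are unusable. out is always NUL-terminated on success. */
long sanitize_tsi(const unsigned char *raw, size_t raw_len,
                  char *out, size_t out_size)
{
    size_t n = 0;
    long dropped = 0;

    if (out == NULL || out_size == 0 || (raw == NULL && raw_len != 0))
        return -1;

    for (size_t i = 0; i < raw_len; i++) {
        unsigned char c = raw[i];
        int allowed = (c >= '0' && c <= '9') || (c == '+' && n == 0);

        if (allowed && n + 1 < out_size)
            out[n++] = (char)c;   /* keep digit or leading '+' */
        else
            dropped++;            /* NUL, space, metacharacter, overflow */
    }
    out[n] = '\0';
    return dropped;
}

int main(void)
{
    /* Constructed sample: a NUL byte followed by shell metacharacters. */
    static const unsigned char raw[] = "+49 30\0;|&$12";
    char tsi[32];                 /* assumed buffer size */
    long dropped = sanitize_tsi(raw, sizeof raw - 1, tsi, sizeof tsi);

    printf("clean TSI: \"%s\" (%ld bytes dropped)\n", tsi, dropped);
    /* A caller would pass tsi as its own argv element (execv-style) rather
     * than pasting it into a string that a shell interprets. */
    return 0;
}
```

A non-zero return value is worth logging, since a conforming sender should never trigger it.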