[Bug 236769] Re: [CVE-2008-1922] Multiple buffer overflows in sarg

Alessio Treglia quadrispro at ubuntu.com
Mon May 25 07:11:57 UTC 2009


Fixed:

sarg (2.2.5-2) unstable; urgency=low

  * debian/watch
    - Use SF redirector and make lintian happy

  * debian/{rules,compat}
    - Move DH_COMPAT to debian/compat and make lintian happy

  * debian/rules
    - Change make clean invocation and make lintian happier
    - Added support for DEB_BUILD_OPTIONS
    - Move documentation files from sarg-php to doc directory
    - Remove hidden file from /etc/squid/languages

  * debian/control
    - Removed dependency on bash, now essential
    - Bumped Standard-Version to 3.8.0

  * debian/postinst
    - Make postinst fail on error

  * debian/copyright
    - Added copyright notice
    - Updated maintainer reference

  * debian/sarg-reports.1
    - Added man page, thanks to Juan Angulo Moreno (Closes: #481889)

  * debian/patches/show_read_statistics.patch
    - Added patch from Vladimir Lettiev fixing segfault with
      show_read_statistics set to no. (Closes: #444845, #370811)

  * debian/patches/totger_patches.patch
    - Added patch from Thomas Bliesener fixing several buffer overflows
      (Closes: #470791)

  * debian/patches/opensuse_1_getword_boundary_limit.patch
    - Added patch from OpenSUSE to avoid segfaults in getword() calls

  * debian/patches/opensuse_2_enlarge_report_buffers.patch
    - Added patch from OpenSUSE to avoid overflow in report buffers

  * debian/patches/opensuse_3_too_small_font_buffer.patch
    - Added patch from OpenSUSE to avoid overflow in font buffer

  * debian/patches/opensuse_4_enlarge_log_buffer.patch
    - Added patch from OpenSUSE to avoid overflow in log buffer

  * debian/patches/opensuse_5_limit_sprintf.patch
    - Added patch from OpenSUSE to avoid segfaults in sprintf() calls

  * debian/patches/opensuse_6_limit_useragent_sprintf.patch
    - Added patch from OpenSUSE to avoid segfaults in sprintf() calls

  * debian/patches/opensuse_7_year_assertion.patch
    - Added patch from OpenSUSE to avoid assertion in year parsing

 -- Ubuntu Archive Auto-Sync <archive at ubuntu.com>  Mon, 09 Feb 2009 08:56:57 +0000

** Bug watch added: Debian Bug tracker #470791
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470791

** Also affects: sarg (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470791
   Importance: Unknown
       Status: Unknown

** Changed in: sarg (Ubuntu)
       Status: Confirmed => Fix Released

** Also affects: sarg (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: sarg (Ubuntu Intrepid)
   Importance: Undecided
       Status: New

-- 
[CVE-2008-1922] Multiple buffer overflows in sarg
https://bugs.launchpad.net/bugs/236769
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs