Re: cracklib: Fix buffer overflow

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cracklib: Fix buffer overflow

From:	Ludovic Courtès
Subject:	Re: cracklib: Fix buffer overflow
Date:	Tue, 10 Jan 2017 22:44:29 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> skribis:

> On Thu, Sep 15, 2016 at 11:36:46AM -0400, Leo Famulari wrote:
>> This patch cherry-picks an upstream commit to fix a buffer overflow in
>> cracklib. Please see the patch file for more information about the bug.
>
>> From 62f8f1763ba1766e92e8dc05686bd9353eaf2ad5 Mon Sep 17 00:00:00 2001
>> From: Leo Famulari <address@hidden>
>> Date: Thu, 15 Sep 2016 11:34:49 -0400
>> Subject: [PATCH] gnu: cracklib: Fix buffer overflow.
>> 
>> * gnu/packages/patches/cracklib-fix-buffer-overflow.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/password-utils.scm (cracklib)[source]: Use it.
>
> I forgot about this patch.
>
> Debian applied it:
> https://anonscm.debian.org/cgit/pkg-cracklib/pkg-cracklib.git/tree/debian/patches/overflow-processing-long-words.patch
>
> I'll push it today if I hear no objections.

Sounds good, thanks for the heads-up.

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: cracklib: Fix buffer overflow, Leo Famulari, 2017/01/10
- Re: cracklib: Fix buffer overflow, Ludovic Courtès <=

Prev by Date: Re: [PATCH 1/1] gnu: libtiff: Fix CVE-2016-{10092, 10093, 10094} and others.
Next by Date: Re: Porting with Guix
Previous by thread: Re: cracklib: Fix buffer overflow
Next by thread: [PATCH] gnu: gnutls: Make perl a native-input.
Index(es):
- Date
- Thread