Re: [Pan-devel] Re: Buffer overflow in pan when parsing .nzb files

[darren]

On Thu, 29 May 2008 07:30:12 +0000 (UTC), Duncan <address@hidden>
wrote:
> Pavel Polischouk
> <address@hidden> posted
> address@hidden, excerpted below, on  Wed, 28 May 2008
23:12:22
> -0400:
> 
>> I discovered a heap overflow in pan 0.132, part of the code reading .nzb
>> files (either from tasks.nzb or elsewhere). Usually it results in
>> assertion failure, but in certain cases might lead to segmentation
>> fault, arbitrary code execution shouldn't be ruled out either.
> 
>> The bug is tracked in RedHat bugzilla for Fedora 9:
>> https://bugzilla.redhat.com/show_bug.cgi?id=446902 There are some stack
>> traces from failed assertion and segmentation faults caused by this bug,
>> as well as some trigger .nzb files attached to that bugzilla entry.
>>
>> The proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=306880
>>
>> Signed-off by: Pavel Polischouk
>> <address@hidden>
> 
> Thanks.  It's now filed in gnome/pan's buzilla, and since I'm a Gentoo
> user, I've filed a bug there as well.
> 
> http://bugzilla.gnome.org/show_bug.cgi?id=535413
> http://bugs.gentoo.org/show_bug.cgi?id=224051
> 
> To keep the info together, here's the URL for the CVE entry you filed as
> well, altho currently all it says is "reserved".
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363
> 
> --
> Duncan - List replies preferred.   No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master."  Richard Stallman
>

Bug report filed in Launchpad for Ubuntu and I am heading to Debian's
bugtracker now to file it there as well.