CVE-2007-4091 off-by-one in sender.c

Related Vulnerabilities: CVE-2007-4091

Debian Bug report logs - #438125

Package: rsync; Maintainer for rsync is Paul Slootman <paul@debian.org>; Source for rsync is src:rsync.

Reported by: Nico Golde <nion@debian.org>

Date: Wed, 15 Aug 2007 14:24:01 UTC

Severity: serious

Tags: security

Found in version rsync/2.6.9-3

Fixed in version rsync/2.6.9-5

Done: Paul Slootman <paul@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Paul Slootman <paul@debian.org>:
Bug#438125; Package rsync.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Paul Slootman <paul@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-4091 off-by-one in sender.c
Date: Wed, 15 Aug 2007 16:20:20 +0200
Package: rsync
Version: 2.6.9-3
Severity: serious
Tags: security

Hi,
CVE-2007-4091 has not yet been published on mitre (RESERVED)
but Sebastian Krahmer (SuSE) published the issue in his
weblog. There is an off-by-one programming error in sender.c.
He also published a patch which is attached to this mail.
More information about the issue can be found on:
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[rsync-2.6.9-fname-obo.diff (text/x-diff, attachment)]

Reply sent to Paul Slootman <paul@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #10 received at 438125-close@bugs.debian.org:

From: Paul Slootman <paul@debian.org>
To: 438125-close@bugs.debian.org
Subject: Bug#438125: fixed in rsync 2.6.9-5
Date: Wed, 15 Aug 2007 19:47:04 +0000
Source: rsync
Source-Version: 2.6.9-5

We believe that the bug you reported is fixed in the latest version of
rsync, which is due to be installed in the Debian FTP archive:

rsync_2.6.9-5.diff.gz
  to pool/main/r/rsync/rsync_2.6.9-5.diff.gz
rsync_2.6.9-5.dsc
  to pool/main/r/rsync/rsync_2.6.9-5.dsc
rsync_2.6.9-5_amd64.deb
  to pool/main/r/rsync/rsync_2.6.9-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 438125@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Slootman <paul@debian.org> (supplier of updated rsync package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 15 Aug 2007 21:24:47 +0200
Source: rsync
Binary: rsync
Architecture: source amd64
Version: 2.6.9-5
Distribution: unstable
Urgency: high
Maintainer: Paul Slootman <paul@debian.org>
Changed-By: Paul Slootman <paul@debian.org>
Description: 
 rsync      - fast remote file copy program (like rcp)
Closes: 438125
Changes: 
 rsync (2.6.9-5) unstable; urgency=high
 .
   * fix two off-by-one errors leading to potential buffer overflow which may
     corrupt the stack (CVE-2007-4091)
     closes:#438125
Files: 
 0742560bcdcdc1e08ec224a2a8029184 556 net optional rsync_2.6.9-5.dsc
 5fa7b565e7de5365d172aad041ab3992 38544 net optional rsync_2.6.9-5.diff.gz
 4d29fcd2856c5ed4291e3c15f7774fd8 275002 net optional rsync_2.6.9-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFGw1X+utvvqbTW3hMRAgoXAJ4zTJCGnbHpc40A0R+b/Yf3gbsC3wCfUL0w
LhACToxV72HxJCNS3JtJGcA=
=P1QW
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 19 Sep 2007 07:30:30 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:19:45 2019; Machine Name: buxtehude
