-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 14 Apr 2006 20:59:07 +0200
Source: tcpick
Binary: tcpick
Architecture: source i386
Version: 0.2.1-3
Distribution: unstable
Urgency: high
Maintainer: Cédric Delfosse <cedric@debian.org>
Changed-By: Cédric Delfosse <cedric@debian.org>
Description:
 tcpick - TCP stream sniffer and connection tracker
Closes: 360571
Changes:
 tcpick (0.2.1-3) unstable; urgency=high
 .
   * src/write.c: temporary patch to fix CVE-2006-0048 (Closes: Bug#360571)
     As upstream is not responsive, I have written this one-line patch.
     With the option -yP, tcpick shows data contained in the captured
     packets. For some packets, tcpick computes a negative buffer length,
     which is used in a while (buffer length) {} loop to display the
     packet content. When the buffer length is negative, the loop never
     ends, and tcpick segfaults after a while.
     This patch tests if the computed buffer length is negative before
     using it, and set it to 0 in this case.
Files:
 0f68563f61fbc42b344a9bb2a4455c33 593 net optional tcpick_0.2.1-3.dsc
 5008447b0492f666df27669f89d9b382 4895 net optional tcpick_0.2.1-3.diff.gz
 6f1421ca851027121ec974e44b792219 36056 net optional tcpick_0.2.1-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFER/pubmmXPPfovGMRArtmAJ4qSflcuXb+ba3UKyKulq0vyKWqogCdEVIm
CNUwskcJxpf/JRaIg4o1bAs=
=FTbK
-----END PGP SIGNATURE-----


Accepted:
tcpick_0.2.1-3.diff.gz
  to pool/main/t/tcpick/tcpick_0.2.1-3.diff.gz
tcpick_0.2.1-3.dsc
  to pool/main/t/tcpick/tcpick_0.2.1-3.dsc
tcpick_0.2.1-3_i386.deb
  to pool/main/t/tcpick/tcpick_0.2.1-3_i386.deb
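The failure mode the changelog describes, as an added C illustration that is not tcpick's source or the Debian patch: a signed length that goes negative never satisfies a `while (len)` exit test, and clamping it to 0 before the loop stops the runaway read. The function names, the header values and the demo step cap are assumptions; the extra bound against the captured byte count goes beyond the one-line fix described above.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical length computation: payload = IP total length minus both
 * header lengths. All three fields come from the packet, so inconsistent
 * headers can drive the result below zero. */
static int payload_len(int ip_total_len, int ip_hdr_len, int tcp_hdr_len)
{
    return ip_total_len - ip_hdr_len - tcp_hdr_len;
}

/* Flawed pattern: `while (len)` stops only at exactly 0. A negative len is
 * decremented away from zero, so the real loop keeps reading past the
 * buffer until the process faults. max_steps exists only so this demo
 * terminates; it returns how many iterations were attempted. */
static long unchecked_steps(int len, long max_steps)
{
    long steps = 0;
    while (len && steps < max_steps) {
        steps++;
        len--;
    }
    return steps;
}

/* Hardened display loop: clamp a negative length to 0 (the fix the
 * changelog describes) and never read more than was captured (added
 * here). Returns the number of bytes written to `out`. */
static size_t dump_payload(const unsigned char *buf, size_t caplen, int len, FILE *out)
{
    if (len < 0)
        len = 0;
    size_t n = (size_t)len;
    if (n > caplen)
        n = caplen;
    for (size_t i = 0; i < n; i++)
        fputc(buf[i] >= 0x20 && buf[i] < 0x7f ? buf[i] : '.', out);
    return n;
}

int main(void)
{
    const unsigned char pkt[] = "GET /";   /* constructed capture bytes */
    int len = payload_len(40, 20, 24);     /* constructed header values */
    printf("computed length: %d\n", len);
    printf("unchecked loop steps (capped): %ld\n", unchecked_steps(len, 1000));
    printf("bytes printed after clamp: %zu\n", dump_payload(pkt, 5, len, stdout));
    return 0;
}
```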