Debian Package Tracker

From: Peter Palfrader <weasel@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted mixmaster 3.0b2-5 (source i386)
Date: Sun, 22 Apr 2007 16:47:03 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 22 Apr 2007 17:43:13 +0200
Source: mixmaster
Binary: mixmaster
Architecture: source i386
Version: 3.0b2-5
Distribution: unstable
Urgency: high
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description: 
 mixmaster  - Anonymous remailer client and server
Closes: 418662
Changes: 
 mixmaster (3.0b2-5) unstable; urgency=high
 .
   * Backport a fix from upstream:
     In two functions in keymgt.c we had allocated a buffer of 33 bytes
     when if fact we were using one more - 34 - bytes.  This buffer
     overflow is exposed when building with gcc 4.x, it never was exposed
     with previous compilers because they apparently layed out the stack
     differently.
     The result of this buffer overflow is that a single 0-byte will be
     written at the end of the buffer.  At that position on the stack
     there is (at least in the previous build) a saved local variable
     from a calling function.  This local variable is a pointer to a
     BUFFER struct and this pointer has its least significant byte
     set to zero.
     This prevents mixmaster from properly decrypting incoming type2
     messages.  It's not likely that this can be exploited to execute
     arbitrary code, tho evidence or argument to the contrary are of course
     welcome.
     Upstream patch:
     http://svn.noreply.org/cgi-bin/viewcvs.cgi/trunk/Mix/Src/keymgt.c?rev=929&r1=766&r2=929
     Closes: #418662
     Thanks to Hauke Lampe and Colin Tuckley.
Files: 
 6558808af48df07efac1b02bfe1698d5 647 mail optional mixmaster_3.0b2-5.dsc
 b2d18e56d41357edd917534496598dcd 36921 mail optional mixmaster_3.0b2-5.diff.gz
 122c21342a39ea051b1ebe7ba3e010d5 241778 mail optional mixmaster_3.0b2-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGK489z/ccs6+kS90RAgLaAJ48KQyInHyKqLU9XvJIK17AKK5yMwCghhHK
uscCIGWVhVZTA/VAE9yCi3A=
=Tc94
-----END PGP SIGNATURE-----


Accepted:
mixmaster_3.0b2-5.diff.gz
  to pool/main/m/mixmaster/mixmaster_3.0b2-5.diff.gz
mixmaster_3.0b2-5.dsc
  to pool/main/m/mixmaster/mixmaster_3.0b2-5.dsc
mixmaster_3.0b2-5_i386.deb
  to pool/main/m/mixmaster/mixmaster_3.0b2-5_i386.deb
News for package mixmaster
