-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 28 Dec 2002 01:12:58 +0900
Source: osh
Binary: osh
Architecture: source i386
Version: 1.7-12
Distribution: unstable
Urgency: high
Maintainer: Oohara Yuuma <oohara@debian.org>
Changed-By: Oohara Yuuma <oohara@debian.org>
Description:
 osh - Operator's Shell
Closes: 168383
Changes:
 osh (1.7-12) unstable; urgency=high
 .
   * urgency set to high because this version fixes a buffer overflow
     that may cause unauthorized privilege escalation
     (I'm not sure, but this is a setuid root shell, so you can't be
     too careful)
   * main.c, struct.h: hacked gettoken() so that it can check the size
     of the buffer (closes: #168383)
     (my patch in #168383 has one bug --- gettoken() has to check
     if iword_length >= 2, not 1)
   * note that the upstream put some arbitrary restrictions:
     - max length of file name: 31
     - max length of word (for example, command name): 19
     - max length of environment variable: 39
Files:
 ae52e94b819195fe78ac08b6be841e38 553 shells extra osh_1.7-12.dsc
 5d0549cd5ac5a699946c3c0ebea192be 11661 shells extra osh_1.7-12.diff.gz
 b9a46d79fa43ea9f3e07cbb3a7128ba6 26782 shells extra osh_1.7-12_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+DI8FQNb0LvRkppURApmxAKDAbgm10HnViRNPgSaizj5XMwiWRQCdHvnU
Rgihinf3Eype7515asCRexA=
=RlIr
-----END PGP SIGNATURE-----

Accepted:
osh_1.7-12.diff.gz
  to pool/main/o/osh/osh_1.7-12.diff.gz
osh_1.7-12.dsc
  to pool/main/o/osh/osh_1.7-12.dsc
osh_1.7-12_i386.deb
  to pool/main/o/osh/osh_1.7-12_i386.deb