Bug 68603 - should have a regression test for CVE-2013-0292
Summary: should have a regression test for CVE-2013-0292
Status: RESOLVED FIXED
Alias: None
Product: dbus
Classification: Unclassified
Component: GLib (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Simon McVittie
QA Contact:
URL:
Whiteboard:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2013-08-27 11:29 UTC by Simon McVittie
Modified: 2013-10-21 11:32 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:

Attachments
Add a regression test for CVE-2013-0292 (9.17 KB, patch)
2013-08-27 11:29 UTC, Simon McVittie 		Details | Splinter Review
View All

Description Simon McVittie 2013-08-27 11:29:29 UTC 
Created attachment 84701 [details] [review]
Add a regression test for CVE-2013-0292

Inspired by Sebastian Krahmer's 'darklena.c', which used
this bug to exploit pam_fprintd.

---

I'd intended to release this maybe a week or two after we fixed the actual vulnerability (since it makes it rather too obvious how to exploit it), but I forgot.
Comment 1 Simon McVittie 2013-10-21 11:32:11 UTC 
It's had nearly 2 months without either veto or review, so I timed out and pushed it anyway. Revert it if you object.

Fixed in git for 0.102.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.