Control: close -1

Closing (and agreeing on this) by user request.

Mike

On Mo 02 Feb 2015 21:39:50 CET, Heinrich Schuchardt wrote:

> Squeeze reached end of life.
> Package libc6 in wheezy is patched against the bug.
> Package libc6 in jessie is not vulnerable as it uses a newer libc6
> release.
>
> So I think we should close this bug and concentrate on updating our
> mesa code to the newest version instead of patching some old version.
>
> Best regards
>
> Heinrich
>
> On 31.01.2015 16:04, Mike Gabriel wrote:
>> Hi Heinrich,
>>
>> On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
>>
>>> package: nx-libs
>>> version: head
>>>
>>> In different parts of the nx-libs library you can find usages of
>>> scanf like
>>>
>>>    /* check for MESA_GAMMA environment variable */
>>>    gamma = _mesa_getenv("MESA_GAMMA");
>>>    if (gamma) {
>>>       v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0;
>>>       sscanf( gamma, "%f %f %f",
>>>               &v->RedGamma, &v->GreenGamma, &v->BlueGamma );
>>>
>>> According to cppcheck:
>>>
>>> scanf without field width limits can crash with huge input data
>>> on libc versions older than 2.13-25. Add a field width specifier
>>> to fix this problem: %i => %3i
>>
>> Any chance you could also provide a patch for this?
>>
>> Mike
>>

--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
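
The bounded parsing that the cppcheck warning quoted in this thread asks for, shown as an added example that is not part of the e-mails or of the nx-libs/Mesa code. `parse_gamma` and `GAMMA_MAX_LEN` are hypothetical names and the 63-byte limit is an assumed bound; the length check is there because a field width alone silently splits an over-long token into two values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed bound: three floats in text form fit well within 63 bytes.
 * Keep the "%63f" widths below in sync with this value. */
#define GAMMA_MAX_LEN 63

/* Parse exactly three whitespace-separated floats from s into out[].
 * Returns 0 on success, -1 if the input is rejected (out[] is zeroed). */
static int parse_gamma(const char *s, float out[3])
{
    float r = 0.0f, g = 0.0f, b = 0.0f;
    int used = 0;

    out[0] = out[1] = out[2] = 0.0f;
    if (s == NULL)
        return -1;

    /* Reject oversized input before any scanf-family call sees it. */
    if (memchr(s, '\0', GAMMA_MAX_LEN + 1) == NULL)
        return -1;

    /* Field widths cap every conversion. They equal the maximum input
     * length, so no accepted token can be split across two conversions. */
    if (sscanf(s, "%63f %63f %63f %n", &r, &g, &b, &used) != 3)
        return -1;

    /* %n records how much was consumed; trailing garbage is an error. */
    if (s[used] != '\0')
        return -1;

    out[0] = r; out[1] = g; out[2] = b;
    return 0;
}

int main(void)
{
    float v[3];
    const char *gamma = getenv("MESA_GAMMA");

    if (parse_gamma(gamma, v) == 0)
        printf("gamma: %g %g %g\n", v[0], v[1], v[2]);
    else
        puts("MESA_GAMMA unset or rejected");
    return 0;
}
```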