Ubuntu
kdepim package

crash with gmane nntp server and kvm.devel newsgroup

Bug #209403 reported by Andreas Jellinghaus
256
Affects Status Importance Assigned to Milestone
kdepim (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

gmane is a public nntp server with many mailing lists piped into newsgroups.
knode (both standalone and inside kontact) work fine with this for my for many
newsgroups and did so for a long time.

but: if I subscribe to "gmane.comp.emulators.kvm.devel" and hi the button
to get the latest news, then knode crashes once it tries to get the new data
for that group. it is not a problem with the file info for that newsgroup,
as I can remove all such files, subscribe again and it crashes again.

so I guess some wiered content (e.g. some strange header) is the cause,
and the problem might be a security issue (segfault via some net protocol
could be a way for a remote exploit), but I'm no expert here.

Revision history for this message
Andreas Jellinghaus (tolonuga) wrote :

I'm running ubuntu 7.10 "gutsy" with knode package 4:3.5.7enterprise20070926-0ubuntu2.1
on amd64.

Revision history for this message
Richard Birnie (rbirnie-deactivatedaccount) wrote :

Following up on some old bugs. Sorry for the string of questions just trying to clarify the situation.
Does this bug still occur in Hardy?
Does it only occur in the KDE3 version of Knode or does it also occur under KDE4?
Is it only that one particular group that causes the crash or are there others?

As someone who doesn't use Knode or newsgroups if you can tell me how to subscribe to a group I can try to reproduce this in intrepid. If you are able to induce the crash reliably could you please install the package kdepim-dbg (or kdepim-kd4-dbg for kde4 on hardy) and induce the crash to get a backtrace. This package contains the debugging symbols and will hopefully provide us with some information on what causes this crash.

Changed in kdepim:
status: New → Incomplete
Revision history for this message
Richard Birnie (rbirnie-deactivatedaccount) wrote :

sorry, typo, that should be kdepim-kde4-dbg for kde4 on hardy

Revision history for this message
Andreas Jellinghaus (tolonuga) wrote :

my kontact is german, so I try to translate back to english:

start kontact
click usenet
click "zugang" (maybe acces? between "go to" and "groups", 5th menu item from left
click settings
name: gmane
server: news.gmane,org
port: 119
click ok
in the tree click on gmane, right-click
select subsribe news groups
click new list button
search for kvm
select gmane.comp.emulators.kvm.devel
click ok
click 5th button "get new articles for all groups"
click gmane.comp.emulators.kvm.devel
and now I can't figure out how to see articles as old as 6 months -
by default knode only accesses the last 1000 articles. or is gmane
only offering those via nntp? no idea.

doing nothing on a security related bug for 6 months is not exactly great.
I wonder if reporting bugs to ubuntu is worth the work, if the result is nothing.

Revision history for this message
Richard Birnie (rbirnie-deactivatedaccount) wrote :

Thanks for following up on this. Two people have tried to reproduce this crash based on your test case on both hardy and intrepid systems. Neither can reproduce it.

If you are able to reproduce this crash then the best course of the action would be to install the kdepim-dbg package and get a good back trace, then report it directly to upstream at bugs.kde.org

Changed in kdepim:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.