88028 – net-misc/pavuk: Unspecified Buffer Overflow Vulnerabilities

Bug 88028 - net-misc/pavuk: Unspecified Buffer Overflow Vulnerabilities

Summary: net-misc/pavuk: Unspecified Buffer Overflow Vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/14571/
Whiteboard:	B? [stable] lewk
Keywords:

Depends on:
Blocks:

Reported:	2005-04-05 05:55 UTC by Jean-François Brunette (RETIRED)
Modified:	2005-04-09 22:11 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jean-François Brunette (RETIRED) gentoo-dev

2005-04-05 05:55:53 UTC

Description:
Some vulnerabilities with unknown impacts have been reported in Pavuk.

The vulnerabilities are caused due to some unspecified errors and may result in buffer overflows.

Solution:
Update to version 0.9.32.
http://pavuk.sourceforge.net/download.html

Comment 1 Luke Macken (RETIRED) gentoo-dev

2005-04-05 06:11:35 UTC

dsd, please bump to 0.9.32.

Comment 2 Daniel Drake (RETIRED) gentoo-dev

2005-04-05 14:14:30 UTC

Bumped and marked stable on x86

Comment 3 Luke Macken (RETIRED) gentoo-dev

2005-04-05 14:51:49 UTC

ppc/spark, please mark stable.

Comment 4 Jason Wever (RETIRED) gentoo-dev

2005-04-05 20:36:44 UTC

Compilation dies on both sparc and ~sparc systems for me with the following;

if sparc-unknown-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -mcpu=ultrasparc -O2 -pipe  -Wall -DREVISION=\"2005-04-05T20:31\" -pthread     -MT condition.o -MD -MP -MF ".deps/condition.Tpo" -c -o condition.o condition.c; \
then mv -f ".deps/condition.Tpo" ".deps/condition.Po"; else rm -f ".deps/condition.Tpo"; exit 1; fi
In file included from condition.c:15:
/usr/include/netdb.h:633: error: conflicting types for `Rgetaddrinfo'
/usr/include/socks.h:113: error: previous declaration of `Rgetaddrinfo'
make[2]: *** [condition.o] Error 1
make[2]: Leaving directory `/var/tmp/portage/pavuk-0.9.32/work/pavuk-0.9.32/src'
make[1]: *** [all-recursive] Error 1 
make[1]: Leaving directory `/var/tmp/portage/pavuk-0.9.32/work/pavuk-0.9.32'
make: *** [all] Error 2

!!! ERROR: net-misc/pavuk-0.9.32 failed.
!!! Function src_compile, Line 38, Exitcode 2  
!!! (no error message) 
!!! If you need support, post the topmost build error, NOT this status message.

Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-04-06 13:05:14 UTC

For me (ppc) it fails with access violations:
ACCESS DENIED  open_wr:   /usr/share/locale/cs/LC_MESSAGES/pavuk.mo
/bin/install: cannot create regular file `/usr/share/locale/cs/LC_MESSAGES/pavuk.mo': Permission denied
...

Comment 6 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2005-04-07 01:39:46 UTC

Hi,

same error here on two ~x86 machines:

open_wr:   /usr/share/locale/de/LC_MESSAGES/pavuk.mo

Poly

Comment 7 Daniel Drake (RETIRED) gentoo-dev

2005-04-09 07:43:00 UTC

Was a problem with USE=nls - Fixed now.

Comment 8 Jason Wever (RETIRED) gentoo-dev

2005-04-09 11:47:46 UTC

Stable on SPARC

Comment 9 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-04-09 12:12:45 UTC

Stable on ppc.

Comment 10 Luke Macken (RETIRED) gentoo-dev

2005-04-09 22:11:51 UTC

Closing bug without GLSA, since there is no details on this issue.

Please re-open if you have more information.