142596 2006-08-02 18:24 0000 app-crypt/cfs - integer overflow (CVE-2006-3123) 2006-09-29 04:23:46 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED ~3 [tomask?] jaervosz P2 trivial --- 1 carlo@gentoo.org security@gentoo.org mkennedy@gentoo.org carlo@gentoo.org 2006-08-02 18:24:47 0000 from DSA 1138-1: Carlo Contavalli discovered an integer overflow in CFS, a cryptographic filesystem, which allows local users to crash the encryption daemon. For the stable distribution (sarge) this problem has been fixed in version 1.4.1-15sarge1. For the unstable distribution (sid) this problem has been fixed in version 1.4.1-17. koon@gentoo.org 2006-08-12 08:00:11 0000 mkennedy, please bump to latest version. jaervosz@gentoo.org 2006-09-05 06:25:58 0000 mkennedy, please bump to latest version. jaervosz@gentoo.org 2006-09-13 23:29:10 0000 -dev mailed for assistance. jaervosz@gentoo.org 2006-09-19 00:28:32 0000 taviso/vapier could you try a bump? jaervosz@gentoo.org 2006-09-26 09:34:16 0000 No response in 6 weeks, I suggest a mask. Security any comments? koon@gentoo.org 2006-09-27 12:55:54 0000 I wouldn't mask it, sounds more like a bug than a vulnerability anyway... mkennedy@gentoo.org 2006-09-27 20:39:06 0000 i updated it vorlon@gentoo.org 2006-09-29 04:23:46 0000 thanks... closing since it is not stable on any arch