56595 2004-07-10 03:24 0000 app-text/wv-1.0.0 - Buffer Overflow Vulnerability 2004-07-14 04:14:38 0000 1 1 1 Unclassified Gentoo Linux Security unspecified All All RESOLVED FIXED B2 [glsa] P2 normal --- 1 carlo@gentoo.org security@gentoo.org foser@gentoo.org carlo@gentoo.org 2004-07-10 03:24:32 0000 Caol carlo@gentoo.org 2004-07-10 03:24:32 0000 Caolán McNamara and Dom Lachowicz’s wv library has been found to contain a buffer overflow condition that can be exploited through a specially crafted document. If an attacker can convince a user to open an exploit document in HTML mode using an application that builds upon the wv library, it is possible for the attacker to execute arbitrary code under the privileges of that user. iDEFENSE has confirmed the existence of this vulnerability in version 0.7.4, and a slight variant of this vulnerability in versions 0.7.5, 0.7.6 and 1.0.0. http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities I'm not sure, who's the maintainer in this case - metadata.xml is missing. carlo@gentoo.org 2004-07-10 03:27:40 0000 forgot the patch url mentioned in the advisory: http://www.abisource.com/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=wv&command=DIFF_FRAMESET&root=/cvsroot&file=field.c&rev1=1.19&rev2=1.20 jaervosz@gentoo.org 2004-07-10 03:57:26 0000 Marinus you have committed the last few new versions will you commit a patched ebuild? Also you might want to correct HOMEPAGE to point to the SF page. foser@gentoo.org 2004-07-12 09:41:45 0000 added the patch + minor USE fix to the ebuild. Bumped to 1.0.0-r1 all stable (the fixes were minor and i guess this needs to go in). koon@gentoo.org 2004-07-12 13:06:57 0000 Ready for a GLSA koon@gentoo.org 2004-07-14 04:14:38 0000 GLSA 200407-11