| Bug#: 162318 | Product: Gentoo Linux | Version: unspecified | Platform: All |
| OS/Version: Linux | Status: RESOLVED | Severity: normal | Priority: P2 |
| Resolution: FIXED | Assigned To: pauldv@gentoo.org | Reported By: kalin@ThinRope.net |
| Component: Applications |
| URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0157 |
| Summary: net-misc/neon: a denial of service (crash) via a URI with non-ASCII characters (CVE-2007-0157) |
| Keywords: |
| Status Whiteboard: |
| Opened: 2007-01-16 04:13 0000 |
| Description: |
Please see the URL.
Reproducible: Didn't try
Steps to Reproduce:
Patch available here: http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2
Is this upstream? Do we need GLSA for that?
It's a client-side DoS; usually we don't handle client-side DoS since a bad URI is also a form of disruption of service. But thanks a lot for the report, Kalin. Reassigning to the maintainer as a non-security bug.
And reassigning. Paul is not the real maintainer, but... who else?
There is no upstream fixed release according to http://www.webdav.org/neon/
A proposed patch is provided in the Debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2
Paul, act as you want :)