Bug 214812

Summary:	net-im/silc-server <1.1.2, net-im/silc-client <1.1.4 net-im/silc-toolkit <1.1.7 possible buffer overflow in PKCS#1 message decoding (CVE-2008-1552)
Product:	Gentoo Security	Reporter:	RB <aoz.syn>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	net-irc
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://silcnet.org/general/news/?item=server_20080320_1
Whiteboard:	B1? [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	214116

Description RB 2008-03-25 23:51:41 UTC

Published vulnerability in PKCS#1 handling.  Bumped ebuild version, works fine (no changes).

Comment 1 Raúl Porcel (RETIRED) gentoo-dev

2008-03-26 11:05:19 UTC

=net-im/silc-server-1.1.2
=net-im/silc-client-1.1.4
=net-im/silc-toolkit-1.1.7

in the tree

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-03-26 12:04:49 UTC

Arches, please test and mark stable:
=net-im/silc-server-1.1.2
Target keywords : "ppc release sparc x86"

=net-im/silc-client-1.1.4
Target keywords : "amd64 ppc release sparc x86"

=net-im/silc-toolkit-1.1.7
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"

Comment 3 Markus Rothe (RETIRED) gentoo-dev

2008-03-26 18:19:16 UTC

ppc64 done

Comment 4 Markus Meier gentoo-dev

2008-03-26 22:24:24 UTC

amd64/x86 stable

Comment 5 Raúl Porcel (RETIRED) gentoo-dev

2008-03-27 12:19:56 UTC

alpha/ia64/sparc stable

Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev

2008-03-27 18:18:49 UTC

ppc stable

Comment 7 Jeroen Roovers (RETIRED) gentoo-dev

2008-03-27 21:04:09 UTC

Stable for HPPA.

Comment 8 Peter Volkov (RETIRED) gentoo-dev

2008-03-28 08:19:56 UTC

Fixed in release snapshot.

Comment 9 Tobias Heinlein (RETIRED) gentoo-dev

2008-04-24 16:34:52 UTC

GLSA 200804-27.