| Summary: | net-proxy/havp < 0.89 sockethandler.cpp Infinite loop DoS (CVE-2008-3688) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Per Pomsel <phantom4> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | net-proxy+disabled |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.server-side.de/ | | |
| Whiteboard: | B3 [glsa] Falco | | |
| Package list: | | Runtime testing required: | --- |

Description
Per Pomsel
2008-08-14 09:16:43 UTC
03.08.2008 HAVP 0.89 released
- Fix possible retry loop and hang (thanks to Peter Warasin @ endian.it)
- Always send Via: header, fixes some IIS problems (e.g. MSNBC)

I took the liberty of bumping it since there is no significative change. And it seems it has a security impact. So, reassigning to security. Original advisory is here: https://sourceforge.net/mailarchive/forum.php?thread_name=487CDF51.5060201%40endian.com&forum_name=havp-devel

Hi AMD64 team and X86 team, please could you test & stabilize net-proxy/havp-0.89, thanks.

amd64/x86 stable, all arches done. Thanks.

Time to vote. I would vote glsa because that kind of DoS is really easy to trigger. But half-yes because of the weak distribution of that software.

I'll vote yes, because it's a security-specific application - the people that ARE using it need to know.

yes too, request filed.

GLSA 200809-11