Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 264607

Summary: <net-im/centerim-4.22.7-r1 contact description DOS (CVE-2008-4776)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: swegener
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 244888, 264606    
Bug Blocks:    

Description Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 11:12:31 UTC 
centerim bundles libgadu

+++ This bug was initially created as a clone of Bug #244888 +++

CVE-2008-4776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4776):
  libgadu before 1.8.2 allows remote servers to cause a denial of
  service (crash) via a contact description with a large length, which
  triggers a buffer over-read.
Comment 1 Sven Wegener gentoo-dev 2009-04-05 10:20:15 UTC 
I've commited centerim-4.22.7-r1 to the tree, containing a fix for the mentioned security issue.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-04-12 20:51:06 UTC 
Arches, please test and mark stable:
=net-im/centerim-4.22.7-r1
Target keywords : "amd64 x86"
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2009-04-14 13:07:24 UTC 
amd64 stable
Comment 4 Markus Meier gentoo-dev 2009-04-15 19:44:22 UTC 
x86 stable, all arches done.
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-04-15 20:03:25 UTC 
Voting, please: I vote NO (client DoS)
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2009-04-15 20:09:04 UTC 
NO, closing.