Summary: | <dev-db/couchdb-1.5.1: remote denial of service flaw (CVE-2014-2668) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | aranea, djc |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1082168 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-31 09:44:27 UTC
Yeah, 1.5.1 is forthcoming. Ping. Dirkjan, I guess you forgot this. The bump is a trivial rename-only one. I've added 1.5.1 now, thanks Luis for reminding me. Stable time? Yes, please. Arches, please test and mark stable: =dev-db/couchdb-1.5.1 Target Keywords : "amd64 ppc x86" Thank you! amd64 stable ppc stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Cleanup done. CVE-2014-2668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2668): Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. Maintainer(s), Thank you for cleanup! GLSA VOTE: YES YES too, request filed. This issue was resolved and addressed in GLSA 201412-16 at http://security.gentoo.org/glsa/glsa-201412-16.xml by GLSA coordinator Sean Amoss (ackle). |