Summary: | <=net-p2p/gift-fasttrack-0.8.6 remotely crashable | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Jon Hood (RETIRED) <squinky86> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | minor | CC: | amd64, net-p2p, ppc | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | All | ||||||||
Whiteboard: | B3 [glsa] | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Jon Hood (RETIRED)
2004-06-19 14:00:47 UTC
Forgot to mention- this is just a null pointer vulnerability, I'm not sure if it was severe enough to report, but I thought I better be safe ;) I see no reason of having ppc and sparc mark stable on this one, since afaik they never had this package stable anyway. amd64 marked stable, so I think it's ready. I would vote for no GLSA on this one. Created attachment 33649 [details]
gift-fasttrack GLSA
Ah, you are correct- sorry to bother you, ppc and sparc teams. I know I'm not
the one who is normally in charge of GLSA's, but while they were working on the
fix, I went ahead and drafted one. It is attached for reference should you
chose to send one out. Otherwise, the vulnerable versions of this package have
been removed from portage and this bug can be closed.
Created attachment 33650 [details]
gift-fasttrack GLSA
Stable on sparc. since remote users can crash the daemon (i.e. it is not directly controllable by the user) I'd say this deserves a GLSA. GLSA 200406-19 |