Summary: | app-text/o3read-0.0.3: parse_html overflows buffer
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Sascha Silbe <sascha-gentoo-bugzilla>
Assignee: | Gentoo Security <security>
CC: | avenj
Status: | RESOLVED FIXED
Severity: | normal
Priority: | High
Version: | unspecified
Hardware: | All
OS: | All
Whiteboard: | B2 [glsa]
Runtime testing required: | ---

Description
Sascha Silbe
2004-12-15 05:19:55 UTC
Created attachment 46030
58.xml from advisory
======================================================
Candidate: CAN-2004-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1288
Reference: MISC:http://tigger.uic.edu/~jlongs2/holes/o3read.txt

Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to execute arbitrary code via a crafted SXW file.

======================================================

Upstream looks dead. 0.0.3 version was released 26-Nov-2002. Looks like a good candidate for security masking. Jon: please let us know if you think you can fix it or if you prefer that we mask it.

Download location is dead, it survives because it's been mirrored by us.

avenj did not answer, requesting a mask here too.

package masked by request of koon/security team.

Download location is now apparently up. Version 0.0.4 released. Only ChangeLog notice is this:

050107 Added range check to parse_html().

Apart from a few comments and some extra stuff in the Makefile, this is the only change. An ebuild version bump compiles and installs correctly, but I couldn't verify that the proof of concept code didn't work any more (couldn't get it to work in the first place, since it's apparently BSD shell-code and I'm using Linux).

Thanks Peter, did not notice that. avenj: care to bump?

Sorry about the delayed response; I get a very large quantity of mail from Bugzilla, and it's easy for things to get lost. I've committed o3read 0.0.4. This app is extremely trivial, and as such 0.0.4 has been committed directly to stable.

Thanks Jon, ready for a GLSA. Package should be unmasked before sending.

Removed the mask.

GLSA 200501-20
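
The thread describes the 0.0.4 fix only as a range check added to parse_html(). The following C sketch is an added illustration of that kind of check in a tag-copy loop, not o3read's code and not part of the original bug report; `read_tag_name`, `TAG_MAX` and the status codes are hypothetical names, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG_MAX 32  /* assumed limit for this sketch, not taken from o3read */

enum tag_status { TAG_OK = 0, TAG_TOO_LONG = -1, TAG_MALFORMED = -2 };

/* Copy the tag name starting at in[0] == '<' into out (capacity out_cap,
 * NUL included). The range check runs before every write, so an oversized
 * name in a crafted document is rejected instead of overrunning out. */
static enum tag_status read_tag_name(const char *in, size_t in_len,
                                     char *out, size_t out_cap,
                                     size_t *consumed)
{
    size_t i = 1, n = 0;              /* i: input index, n: bytes stored */

    if (out_cap == 0)
        return TAG_TOO_LONG;
    out[0] = '\0';
    if (in_len == 0 || in[0] != '<')
        return TAG_MALFORMED;
    while (i < in_len && in[i] != '>' && in[i] != ' ') {
        if (n + 1 >= out_cap) {       /* range check: keep room for NUL */
            out[0] = '\0';
            return TAG_TOO_LONG;
        }
        out[n++] = in[i++];
    }
    if (i >= in_len) {                /* input ended before the tag closed */
        out[0] = '\0';
        return TAG_MALFORMED;
    }
    out[n] = '\0';
    *consumed = i;                    /* index of the delimiter */
    return TAG_OK;
}

int main(void)
{
    char name[TAG_MAX], big[200];     /* big: constructed oversized tag */
    size_t used = 0;

    memset(big, 'A', sizeof big);
    big[0] = '<';
    big[sizeof big - 1] = '>';
    printf("%d\n", read_tag_name("<text:p>", 8, name, sizeof name, &used));
    printf("%d\n", read_tag_name(big, sizeof big, name, sizeof name, &used));
    return 0;
}
```

Boundary inputs of this kind (a name exactly at the limit, one byte over, and an unterminated tag) exercise a range check directly, without depending on a platform-specific proof of concept.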