Bug#: 130657
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Description:   Opened: 2006-04-20 13:58 0000
A bug was found in the way ruby creates its http (and thus xmlrpc)
server.  The server uses blocking sockets, so if it is possible to
send a very large amount of data via the socket, the server will block
other connections resulting in a denial of service.
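
As an added illustration (not code from this bug, from GLSA 200605-11, or from Ruby's own fix, which the thread does not show), the Ruby sketch below demonstrates the defensive pattern that addresses the blocking-socket problem described above: each read on a client connection is bounded both by a timeout (via IO.select) and by a byte cap, so a client that sends slowly, never finishes, or sends far more than a request head should contain cannot hold the handler indefinitely. `BoundedReader`, `demo` and the sample requests are constructed for this example; it assumes a modern Ruby (2.3 or later) rather than the 1.8 series discussed in the thread.

```ruby
require 'socket'

# Constructed helper (not from the Gentoo bug or from Ruby's WEBrick/XML-RPC code).
# Reads an HTTP-style request head from +io+ without ever blocking indefinitely:
# every wait for data is limited to +timeout+ seconds through IO.select, and the
# total number of bytes accepted is capped at +max_bytes+, so a single slow or
# oversized client can neither stall the handler nor exhaust memory.
class BoundedReader
  class ReadTimeout  < StandardError; end
  class HeadTooLarge < StandardError; end

  def initialize(io, timeout: 1.0, max_bytes: 8 * 1024)
    @io = io
    @timeout = timeout
    @max_bytes = max_bytes
  end

  # Returns the request head, i.e. everything up to and including the blank
  # line that terminates HTTP headers. Raises ReadTimeout, HeadTooLarge or
  # EOFError instead of waiting forever.
  def read_head
    buf = +""
    loop do
      return buf if buf.include?("\r\n\r\n")
      if buf.bytesize >= @max_bytes
        raise HeadTooLarge, "request head exceeds #{@max_bytes} bytes"
      end
      # IO.select returns nil when nothing is readable within the timeout.
      ready = IO.select([@io], nil, nil, @timeout)
      raise ReadTimeout, "no data within #{@timeout}s" if ready.nil?
      # Non-blocking read of at most the remaining budget; nil means EOF.
      chunk = @io.read_nonblock(@max_bytes - buf.bytesize, exception: false)
      raise EOFError, "peer closed before head was complete" if chunk.nil?
      next if chunk == :wait_readable
      buf << chunk
    end
  end
end

# Demonstration over an in-process socket pair (constructed; no network needed).
# Returns a [status, head] pair so the outcome can be checked programmatically.
def demo(client_payload, timeout: 0.2, max_bytes: 1024)
  server_side, client_side = UNIXSocket.pair
  client_side.write(client_payload)
  reader = BoundedReader.new(server_side, timeout: timeout, max_bytes: max_bytes)
  [:ok, reader.read_head]
rescue BoundedReader::ReadTimeout
  [:timeout, nil]
rescue BoundedReader::HeadTooLarge
  [:too_large, nil]
rescue EOFError
  [:eof, nil]
ensure
  server_side&.close
  client_side&.close
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs: a complete request head, a client that stops
  # mid-request, and a client that sends more than the cap allows.
  p demo("GET / HTTP/1.0\r\nHost: x\r\n\r\n")
  p demo("GET / HTTP/1.0\r\n")
  p demo("X" * 2000, max_bytes: 1024)
end
```

The well-formed request returns `[:ok, head]`; the client that stops after one header line is cut off after the 0.2 s timeout instead of occupying the handler, and the oversized sender is rejected once the cap is reached. A server built this way still needs per-connection concurrency (threads, or a select loop over all clients) so that the bounded wait on one connection does not delay the others.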

------- Comment #1 From Sune Kloppenborg Jeppesen 2006-04-20 14:00:06 0000 -------
Ruby please advise and bump as needed.

------- Comment #2 From Caleb Tennis 2006-04-20 16:11:47 0000 -------
Looks to me like this is fixed in 1.8.4 (possibly 1.8.3, though I don't have
that on my system to check).

I'd recommend having the remaining arches bump to 1.8.4-r1 (or newer) to stable
to fix this issue.

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-04-20 21:28:13 0000 -------
Thx Caleb,

amd64 seems to be the only arch needing to test 1.8.4

------- Comment #4 From Thierry Carrez (RETIRED) 2006-04-28 11:18:27 0000 -------
amd64 is late

------- Comment #5 From Simon Stelling (RETIRED) 2006-04-29 02:36:46 0000 -------
amd64 stable. It seems you have missed hppa, they have 1.0.3 stable but not
1.0.4-r1

------- Comment #6 From René Nussbaumer 2006-05-01 11:08:30 0000 -------
stable on hppa as well.

------- Comment #7 From Thierry Carrez (RETIRED) 2006-05-02 09:29:45 0000 -------
I tend to vote yes, but a very light one.

------- Comment #8 From Sune Kloppenborg Jeppesen 2006-05-02 09:44:46 0000 -------
Half YES from me.

------- Comment #9 From Raphael Marichez 2006-05-05 13:39:49 0000 -------
don't know

------- Comment #10 From Adir Abraham 2006-05-06 02:07:42 0000 -------
I tend to vote YES as well.

------- Comment #11 From Thierry Carrez (RETIRED) 2006-05-07 11:00:14 0000 -------
So let's have one.

------- Comment #12 From Wolf Giesen (RETIRED) 2006-05-07 22:51:03 0000 -------
I tend to see a yes, too, but actually I'm a little afraid we're opening
Pandora's box if we're going to include everything like this.

------- Comment #13 From Sune Kloppenborg Jeppesen 2006-05-09 22:31:56 0000 -------
GLSA 200605-11
