Bug 493138 (CVE-2013-6050) - <www-client/links-2.8-r1: integer overflow in parsing of HTML tables (CVE-2013-6050)
Status: RESOLVED FIXED
Alias: CVE-2013-6050
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa]
Reported: 2013-12-02 15:24 UTC by Agostino Sarubbo
Modified: 2014-02-07 22:22 UTC
Description Agostino Sarubbo gentoo-dev 2013-12-02 15:24:54 UTC
From ${URL} :

An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser.
This is only known to be exploited when running Links in graphical mode.

References:
http://seclists.org/fulldisclosure/2013/Nov/217


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2013-12-04 04:26:25 UTC
Patch available for the vulnerability at this location:
https://bugzilla.redhat.com/attachment.cgi?id=831533

Please advise when the build is ready for stabilization. Thank you.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 16:57:36 UTC
CVE-2013-6050 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6050):
  Integer overflow in Links before 2.8 allows remote attackers to cause a
  denial of service (crash) via crafted HTML tables.
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2013-12-18 14:29:21 UTC
Test and stabilize:

=www-client/links-2.8-r1
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-19 13:46:36 UTC
Stable for HPPA.
Comment 5 Myckel Habets 2013-12-19 22:04:01 UTC
Builds and runs fine on x86. Please mark stable for x86.
Comment 6 Agostino Sarubbo gentoo-dev 2013-12-21 10:32:51 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-12-22 14:46:28 UTC
ppc64 stable
Comment 8 Pacho Ramos gentoo-dev 2013-12-22 19:00:54 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-12-23 14:26:06 UTC
alpha stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-12-23 14:48:53 UTC
x86 stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-12-23 14:53:05 UTC
sparc stable
Comment 12 Markus Meier gentoo-dev 2013-12-29 17:15:39 UTC
arm stable
Comment 13 Agostino Sarubbo gentoo-dev 2014-01-12 13:18:23 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 14 Sergey Popov gentoo-dev 2014-01-20 10:13:05 UTC
GLSA request filed
Comment 15 Sergey Popov gentoo-dev 2014-01-20 10:19:07 UTC
Oops, this should be rated B3, because it's just DoS per the Secunia advisory and the Red Hat bug. But anyway, I have filed GLSA requests already.
Comment 16 Chris Reffett (RETIRED) gentoo-dev Security 2014-02-07 21:12:57 UTC
Cleanup done.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2014-02-07 22:22:33 UTC
This issue was resolved and addressed in
 GLSA 201402-11 at http://security.gentoo.org/glsa/glsa-201402-11.xml
by GLSA coordinator Chris Reffett (creffett).