Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 51490 - net-misc/neon <= 0.24.5 date parsing vulnerability
Summary: net-misc/neon <= 0.24.5 date parsing vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://security.e-matters.de/advisori...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-05-19 10:53 UTC by Tobias Weisserth
Modified: 2004-05-20 17:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
koon: Assigned_To? (koon)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Weisserth 2004-05-19 10:53:18 UTC
See advisory here:

http://security.e-matters.de/advisories/062004.html

Debian has already issued new packages and an advisory:

http://www.debian.org/security/2004/dsa-506

This bug also affects "cadaver":

http://www.debian.org/security/2004/dsa-507

I'll open another bug for this.

Tobias

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-05-19 14:06:32 UTC
This one is for pauldv too :)
Waiting for a bump to 0.24.6.
Comment 2 Paul de Vrieze (RETIRED) gentoo-dev 2004-05-19 15:01:52 UTC
I just committed 0.24.6 to testing. I'll mark it stable tomorrow if nothing turns up
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-05-20 10:32:57 UTC
0.24.6 has been made stable on major arches, so this is ready for a GLSA draft too.

s390 : please mark stable to benefit from the future GLSA.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-05-20 10:49:39 UTC
GLSA drafted
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-05-20 11:42:16 UTC
GLSA 200405-13
Comment 6 Michael McCabe (RETIRED) gentoo-dev 2004-05-20 17:58:58 UTC
Stable on s390