Bug#: 54452
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Jon Hood (RETIRED) <squinky86@gentoo.org>

Filename Description Type Creator Created Size Actions
gift-fasttrack-glsa gift-fasttrack GLSA text/plain Jon Hood (RETIRED) 2004-06-20 10:49 0000 2.00 KB Details
gift-fasttrack-glsa gift-fasttrack GLSA text/plain Jon Hood (RETIRED) 2004-06-20 10:51 0000 2.00 KB Details

Description:   Opened: 2004-06-19 14:00 0000
Please mark gift-fasttrack-0.8.7 stable on all architectures: a vulnerability
exists that allows the giFT daemon to be crashed remotely. It is not deemed a
severe vulnerability, only crashing giFTd. The fix is to upgrade to
gift-fasttrack-0.8.7.

------- Comment #1 From Jon Hood (RETIRED) 2004-06-19 14:03:28 0000 -------
Forgot to mention: this is just a null pointer vulnerability. I'm not sure if
it was severe enough to report, but I thought I better be safe ;)

------- Comment #2 From Thierry Carrez (RETIRED) 2004-06-20 01:52:22 0000 -------
I see no reason to have ppc and sparc mark stable on this one, since afaik
they never had this package stable anyway. amd64 marked stable, so I think it's
ready.

I would vote for no GLSA on this one.

------- Comment #3 From Jon Hood (RETIRED) 2004-06-20 10:49:01 0000 -------
Created an attachment (id=33649) [details]
gift-fasttrack GLSA

Ah, you are correct. Sorry to bother you, ppc and sparc teams. I know I'm not
the one who is normally in charge of GLSAs, but while they were working on the
fix, I went ahead and drafted one. It is attached for reference should you
choose to send one out. Otherwise, the vulnerable versions of this package have
been removed from portage and this bug can be closed.

------- Comment #4 From Jon Hood (RETIRED) 2004-06-20 10:51:38 0000 -------
Created an attachment (id=33650) [details]
gift-fasttrack GLSA

------- Comment #5 From Jason Wever (RETIRED) 2004-06-23 20:44:06 0000 -------
Stable on sparc.

------- Comment #6 From Kurt Lieber 2004-06-24 09:32:30 0000 -------
Since remote users can crash the daemon (i.e. it is not directly controllable
by the user) I'd say this deserves a GLSA.

------- Comment #7 From Thierry Carrez (RETIRED) 2004-06-24 13:43:15 0000 -------
GLSA 200406-19
