Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 91862
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
gaim-long_url.patch gaim-long_url.patch patch Sune Kloppenborg Jeppesen 2005-05-08 00:52 0000 3.83 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 91862 depends on: Show dependency tree
Bug 91862 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-05-08 00:51 0000 
Reported on Vendor-Sec:

There is a buffer overflow in gaim where an attacker can send a very long URL in a message (>8192 bytes).  It's a stack based overflow, looks pretty
ugly.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-05-08 00:52:45 0000 ------- 
Created an attachment (id=58320) [details]
gaim-long_url.patch

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-05-08 00:54:35 0000 ------- 
Don please attach an updated ebuild to this bug, do NOT commit anything to CVS.

------- Comment #3 From Don Seiler (RETIRED) 2005-05-09 06:48:33 0000 ------- 
Note that another CVE is coming from an MSN remote DoS bug.  That fix is at
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/msn/slp.c?r1=1.12.2.12&r2=1.12.2.13&diff_format=u

Gaim postponed a previously scheduled release to include that first CVE fix and
I believe this MSN one as well.  Release is scheduled for tomorrow evening.

------- Comment #4 From Don Seiler (RETIRED) 2005-05-10 08:02:07 0000 ------- 
Confirmed that new gaim release will be tonight.

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-05-10 08:49:47 0000 ------- 
Thx Rizzo. Once it is public and we have an ebuild just open up this bug and
call arches, might be while I sleep.

------- Comment #6 From Don Seiler (RETIRED) 2005-05-10 20:55:43 0000 ------- 
gaim-1.3.0 is released and in portage.  Stable x86.  Other arches please test
and stabilize ASAP.

jaervosz: It seems only security team members can make a bug public.  It won't
let me uncheck the box.

------- Comment #7 From Sune Kloppenborg Jeppesen 2005-05-10 21:46:54 0000 ------- 
Sorry about that, opening. Arches please test and mark stable.

------- Comment #8 From Jan Brinkmann (RETIRED) 2005-05-11 04:04:38 0000 ------- 
stable on amd64

------- Comment #9 From Stefan Cornelius (RETIRED) 2005-05-11 04:21:37 0000 ------- 
Gaim fixes another security issue (MSN Remote DoS, CAN-2005-1262) in 1.3.0:
http://gaim.sourceforge.net/security/index.php?id=17

------- Comment #10 From Gustavo Zacarias (RETIRED) 2005-05-11 05:46:00 0000 ------- 
we came, we tested, we sparc'ed.

------- Comment #11 From Lars Weiler (RETIRED) 2005-05-11 06:01:00 0000 ------- 
stable on ppc, of course

------- Comment #12 From Don Seiler (RETIRED) 2005-05-11 06:16:59 0000 ------- 
Yes the MSN exploit is also fixed in gaim-1.3.0.

------- Comment #13 From Markus Rothe 2005-05-11 09:05:37 0000 ------- 
stable on ppc64

------- Comment #14 From Bryan Østergaard (RETIRED) 2005-05-11 16:18:22 0000 ------- 
Stable on alpha + ia64.

------- Comment #15 From Sune Kloppenborg Jeppesen 2005-05-11 21:48:01 0000 ------- 
GLSA 200505-09

arm, hppa, mips please remember to mark stable to benifit from GLSA.

------- Comment #16 From René Nussbaumer 2005-06-26 07:43:46 0000 ------- 
Already stable on hppa
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug