Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 95347
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 95347 depends on: Show dependency tree
Bug 95347 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-06-07 07:40 0000 
Gaim plans on releasing 1.3.1 on Thursday to fix a Yahoo DoS.

It is possible to crash gaim by sending a file transfer of a file with a
file name with some character sets.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-06-07 07:44:11 0000 ------- 
Patch @
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/yahoo/yahoo_filexfer.c?r1=1.13.2.9&r2=1.13.2.10&diff_format=u

rizzo: please don't commit anything until the public release. Then it's your
call between applying the patch to the current one, or releasing a pure 1.3.1.

------- Comment #2 From Don Seiler (RETIRED) 2005-06-08 11:12:20 0000 ------- 
I'd rather just wait for 1.3.1.  It will be out tomorrow night.

------- Comment #3 From Don Seiler (RETIRED) 2005-06-08 11:13:14 0000 ------- 
An MSN DOS was also posted today to the gaim-packagers list which *should* be
fixed for 1.3.1 as well.

------- Comment #4 From Don Seiler (RETIRED) 2005-06-09 20:58:47 0000 ------- 
gaim-1.3.1 is now in portage, stable x86, unstable all others.

------- Comment #5 From Thierry Carrez (RETIRED) 2005-06-10 00:33:26 0000 ------- 
MSN Remote DoS (CAN-2005-1934)
Discovered By	Hugo de Bokkenrijder
Remote attackers can cause a denial of service (crash) via a malformed MSN
message that leads to a memory allocation of a large size, possibly due to an
integer signedness error.

Remote Yahoo! crash (CAN-2005-1269)
Discovered By	Jacopo Ottaviani
Remote denial of service when being offered files with names containing
non-ASCII characters.

------- Comment #6 From Thierry Carrez (RETIRED) 2005-06-10 00:34:48 0000 ------- 
Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
Arches, please test and mark stable

------- Comment #7 From Gustavo Zacarias (RETIRED) 2005-06-10 06:00:42 0000 ------- 
sparc stable.

------- Comment #8 From Michael Hanselmann (hansmi) (RETIRED) 2005-06-10 12:10:19 0000 ------- 
Stable on ppc.

------- Comment #9 From Simon Stelling (RETIRED) 2005-06-10 13:11:25 0000 ------- 
stable on amd64

------- Comment #10 From Aron Griffis (RETIRED) 2005-06-10 13:32:54 0000 ------- 
stable on alpha ia64

------- Comment #11 From SpanKY 2005-06-10 23:46:09 0000 ------- 
arm stable

------- Comment #12 From Markus Rothe 2005-06-11 03:13:37 0000 ------- 
stable on ppc64

------- Comment #13 From Michael Hanselmann (hansmi) (RETIRED) 2005-06-12 04:16:30 0000 ------- 
Stable on hppa.

------- Comment #14 From Thierry Carrez (RETIRED) 2005-06-12 07:11:20 0000 ------- 
GLSA 200506-11
mips: remember to mark stable to benefir from GLSA

------- Comment #15 From Hardave Riar (RETIRED) 2005-07-07 23:55:14 0000 ------- 
Stable on mips.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug