100934 – buffer overflow in jabberd2 2.0.8;

Bug 100934 - buffer overflow in jabberd2 2.0.8;

Summary: buffer overflow in jabberd2 2.0.8;

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Highest major (vote)
Assignee:	Gentoo Linux bug wranglers

URL:	http://mail.jabber.org/pipermail/jadm...
Whiteboard:	[noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2005-07-31 14:21 UTC by Slobodan D. Sredojevic
Modified:	2006-01-12 02:46 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Slobodan D. Sredojevic 2005-07-31 14:21:42 UTC

The jabberd project team is pleased to announce the release of jabberd 2.0s9. 
This is a security release. There is a buffer overflow that could be used to 
perform a DoS attack and possible code execution. It is *HIGHLY* recommended 
that you upgrade!

Note: net-im/jabber-2.0.8-r2 is masked in the portage tree but many people are
using it on the production servers. So, maybe gentoo needs version bump to 2.0.9.

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-01-12 02:46:32 UTC

Sorry Slobodan, this one was pending by bug-wranglers who couldn't wrangle it because it was restricted, so nobody ever noticed. jabberd 2.0.9 is now in portage, old package was never stable - closing.