Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 118096 - net-www/mod_auth_pgsql: Multiple Format String Vulnerabilities (CVE-2005-3656)
Summary: net-www/mod_auth_pgsql: Multiple Format String Vulnerabilities (CVE-2005-3656)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.frsirt.com/english/advisor...
Whiteboard: B1? [glsa] DerCorny
Keywords:
: 114395 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-01-06 13:50 UTC by Guillaume Castagnino
Modified: 2006-01-10 21:33 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Guillaume Castagnino 2006-01-06 13:50:17 UTC 
Multiple vulnerabilities were identified in mod_auth_pgsql for Apache2, which could be exploited by remote attakers to execute arbitrary commands.

See changelog :
2.0.3       2006-01-05 (Giuseppe Tanzilli <info@giuseppetanzilli.it>)
                    - Security fix from iDefense Security Advisory [IDEF1245]
                    - many bug fix

Simple bump work very well for me (ebuild here : http://gentoo.xwing.info/net-www/mod_auth_pgsql/mod_auth_pgsql-2.0.3.ebuild )
please upgrade quickly !

Regards
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-07 06:42:01 UTC 
one of the 2 maintainer herds, pls provide fixed packages, thx
Comment 2 Luca Longinotti (RETIRED) gentoo-dev 2006-01-07 09:13:30 UTC 
net-www/mod_auth_pgsql-2.0.3 is in the tree now.
Best regards, CHTEKK.
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-07 09:20:00 UTC 
arches, you know the deal - test and mark stable, thx
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-01-07 09:36:20 UTC 
*** Bug 114395 has been marked as a duplicate of this bug. ***
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2006-01-07 13:54:17 UTC 
Marked ppc stable
Comment 6 Mark Loeser (RETIRED) gentoo-dev 2006-01-07 21:49:45 UTC 
x86 done
Comment 7 Simon Stelling (RETIRED) gentoo-dev 2006-01-08 09:40:53 UTC 
amd64 stable
Comment 8 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-08 09:43:28 UTC 
ready for a sweet nice glsa
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-10 21:33:49 UTC 
GLSA 200601-05
Thanks to everybody involved.