Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 164452 - <=net-im/gaim-2.0.0_beta6 - potencial DoS in yahoo.c
Summary: <=net-im/gaim-2.0.0_beta6 - potencial DoS in yahoo.c
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Net-im project
URL: https://sourceforge.net/tracker/index...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-01-29 19:52 UTC by rx Kaffee
Modified: 2007-03-25 14:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
patches beta6 to beta6-r1 (gaim-2.0.0_beta6-r1.ebuild.diff,1.03 KB, patch)
2007-01-29 19:56 UTC, rx Kaffee 		Details | Diff
Kills DoS in libgaim/protocols/yahoo/yahoo.c (gaim-2.0.0_beta6-yahoo_dos.patch,394 bytes, patch)
2007-01-29 19:59 UTC, rx Kaffee 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description rx Kaffee 2007-01-29 19:52:51 UTC 
IUSE flag "yahoo-dos" added to enable patch for blocking yahoo system messages in gaim. This disables the DoS potential in yahoo protocol's handeling of being added to an MSN Live user's contact list. DoS described in gaim bug https://sourceforge.net/tracker/index.php?func=detail&aid=1638339&group_id=235&atid=100235
Comment 1 rx Kaffee 2007-01-29 19:56:09 UTC 
Created attachment 108516 [details, diff]
patches beta6 to beta6-r1

Add IUSE "yahoo-dos" to apply gaim-2.0.0_beta6-yahoo_dos.patch
Comment 2 rx Kaffee 2007-01-29 19:59:19 UTC 
Created attachment 108517 [details, diff]
Kills DoS in libgaim/protocols/yahoo/yahoo.c

Disables Yahoo system messages
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-10 21:36:20 UTC 
Client-side DoS. Reassining
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-25 07:53:31 UTC 
Fixing product.
Comment 5 Olivier Crete (RETIRED) gentoo-dev 2007-03-25 14:37:53 UTC 
the fix sucks.. and its an upstream problem.... and its this is a beta... so we'll wait until the next release.