Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 220281 (CVE-2008-2040) - media-sound/peercast <10.218-r1 HTTP::getAuthUserPass stack based buffer overflow (CVE-2008-2040)
Summary: media-sound/peercast <10.218-r1 HTTP::getAuthUserPass stack based buffer over...
Status: RESOLVED FIXED
Alias: CVE-2008-2040
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major
Assignee: Gentoo Security
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-05-04 22:02 UTC by Robert Buchholz (RETIRED)
Modified: 2008-07-21 19:55 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
CVE-2008-2040.patch (CVE-2008-2040.patch,4.44 KB, patch)
2008-05-04 22:04 UTC, Robert Buchholz (RETIRED) 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-05-04 22:02:42 UTC 
Nico Golde:
I found a security issue in the peercast server in the
HTTP::getAuthUserPass function. I already contacted the upstream author 6 days
ago and didn't get an answer yet so I am publishing this now.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-05-04 22:04:24 UTC 
Created attachment 151859 [details, diff]
CVE-2008-2040.patch

Patch proposed by Nico.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-05-21 01:55:34 UTC 
sound herd, please bump with the attached patch.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 19:00:06 UTC 
(In reply to comment #2)
> sound herd, please bump with the attached patch.
> 

*ping*
Comment 4 Peter Alfredsen (RETIRED) gentoo-dev 2008-07-06 19:38:07 UTC 
+*peercast-0.1218-r1 (06 Jul 2008)
+
+  06 Jul 2008; Peter Alfredsen <loki_val@gentoo.org>
+  +files/peercast-0.1218-CVE-2008-2040.patch, -peercast-0.1217.ebuild,
+  +peercast-0.1218-r1.ebuild:
+  Security bump for CVE-2008-2040 wrt bug #220281
+
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 20:03:57 UTC 
arches, please test and mark stable media-soud/peercast-0.218-r1, target KEYWORDS" "amd64 x86"
Comment 6 Markus Meier gentoo-dev 2008-07-07 20:59:55 UTC 
amd64/x86 stable, all arches done.
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-07-08 00:36:21 UTC 
glsa request filed
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-21 19:55:00 UTC 
GLSA 200807-11