227053 – media-video/motion <3.2.10.1 HTTP Buffer overflow (CVE-2008-2654)

Bug 227053 - media-video/motion <3.2.10.1 HTTP Buffer overflow (CVE-2008-2654)

Summary: media-video/motion <3.2.10.1 HTTP Buffer overflow (CVE-2008-2654)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/30544/
Whiteboard:	B/C1? [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-06-14 21:56 UTC by Pierre-Yves Rofes (RETIRED)
Modified:	2008-07-03 14:20 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-06-14 21:56:33 UTC

See $URL for details.

Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-06-14 22:03:04 UTC

patches can be found here:
3.2.9:
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff
3.2.10
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff

media-video, please bump as necessary.btw, the advisory mentions that the HTTP interface needs to be enabled, is it our default setup?

Comment 2 Alexis Ballier gentoo-dev

2008-06-20 21:47:20 UTC

3.2.10.1 added and should be fixed

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2008-06-21 02:28:35 UTC

Arches, please test and mark stable:
=media-video/motion-3.2.10.1
Target keywords : "amd64 release"

Comment 4 Markus Meier gentoo-dev

2008-06-22 11:30:31 UTC

amd64 stable, all arches done.

Comment 5 Tobias Heinlein (RETIRED) gentoo-dev

2008-07-03 14:20:40 UTC

GLSA 200807-02