264607 – <net-im/centerim-4.22.7-r1 contact description DOS (CVE-2008-4776)

Bug 264607 - <net-im/centerim-4.22.7-r1 contact description DOS (CVE-2008-4776)

Summary: <net-im/centerim-4.22.7-r1 contact description DOS (CVE-2008-4776)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:	CVE-2008-4776 264606
Blocks:
	Show dependency tree

Reported:	2009-04-02 11:12 UTC by Robert Buchholz (RETIRED)
Modified:	2009-04-15 20:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2009-04-02 11:12:31 UTC

centerim bundles libgadu

+++ This bug was initially created as a clone of Bug #244888 +++

CVE-2008-4776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4776):
  libgadu before 1.8.2 allows remote servers to cause a denial of
  service (crash) via a contact description with a large length, which
  triggers a buffer over-read.

Comment 1 Sven Wegener gentoo-dev

2009-04-05 10:20:15 UTC

I've commited centerim-4.22.7-r1 to the tree, containing a fix for the mentioned security issue.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2009-04-12 20:51:06 UTC

Arches, please test and mark stable:
=net-im/centerim-4.22.7-r1
Target keywords : "amd64 x86"

Comment 3 Tobias Heinlein (RETIRED) gentoo-dev

2009-04-14 13:07:24 UTC

amd64 stable

Comment 4 Markus Meier gentoo-dev

2009-04-15 19:44:22 UTC

x86 stable, all arches done.

Comment 5 Alex Legler (RETIRED) archtester

2009-04-15 20:03:25 UTC

Voting, please: I vote NO (client DoS)

Comment 6 Tobias Heinlein (RETIRED) gentoo-dev

2009-04-15 20:09:04 UTC

NO, closing.