CVE-2009-0798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0798): The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
+*acpid-1.0.10 (03 May 2009) + + 03 May 2009; Peter Alfredsen <loki_val@gentoo.org> +acpid-1.0.10.ebuild: + Bump, bug 246802. Thanks to Davide Pesavento <davidepesa@gmail.com>. Use + Ted Felix version of acpid that correctly handles using the netlink + interface instead of the deprecated /proc/acpi/event interface. Also fixes + bug 268079, CVE-2009-0798. +
1.0.10_p3 is in the tree with a patch from bug 268442 for strict aliasing warnings that was accepted upstream.
(In reply to comment #2)
> 1.0.10_p3 is in the tree with a patch from bug 268442 for strict aliasing
> warnings that was accepted upstream.
Does this have to do with the security issue? Do you want _p3 to go stable or 1.0.10?
Okay, _p3 was confirmed on IRC.
Arches, please test and mark stable:
=sys-power/acpid-1.0.10_p3
Target keywords : "amd64 ia64 x86"
amd64/x86 stable
ia64 stable
Ready for vote, I vote YES.
Yes, too, request filed.
GLSA 200905-06