CVE-2010-1937 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1937): Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896.
CVE-2010-2054 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2054): Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information.
This does not affect the dev-java aspect of SBLIM, which is the sum total of what this package provides. Closing as invalid.
(In reply to comment #2)
> This does not affect the dev-java aspect of SBLIM, which is the sum total of
> what this package provides. Closing as invalid.

Refrain from closing bugs assigned to security@ please (or generally any bugs that are not assigned to you). Feel free to make a comment, and *we* will take care of the closing after double-checking things.

In this case, we indeed don't have the software in portage. Adapting whiteboard.