The vulnerabilities are caused due to boundary errors in nanohttp and nanoftp when parsing overly long URIs. This can be exploited to cause a buffer overflow by supplying an overly long URI (about 4096 bytes). Successful exploitation may potentially allow execution of arbitrary code. Reproducible: Always Steps to Reproduce: 1.<none> 2. 3. Actual Results: <none> Expected Results: <none> 2.6.6 is already in portage but not marked stable yet. It would be a good idea to mark it stable soon. (Using normal Severity since it's just not marked stable)
Package marked stable. If you don't want to release a GLSA just close this bug. Otherwise close it after releasing one :)
i think we should send a glsa. any one second this?
yeah, tha t would be fitting.
http://dev.gentoo.org/~plasmaroo/glsa-test/frame-view.php?id=200403-01
re #4 looks good
closing old bug. GLSA 200403-01
*** Bug 66309 has been marked as a duplicate of this bug. ***