From ${URL} : Affected software: Tntnet Description: By sending a crafted HTTP request that uses "\n" to end its headers instead of the expected "\r\n", it is possible that headers from a previous unrelated request will seemingly be appended to the crafted request (due to a missing null termination). This allows a remote attacker to use sensitive headers from other users' requests in their own requests, such as cookies or HTTP authentication credentials. Affected versions: current releases (<= 2.2) Fixed in version: 2.2.1 Fix: https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525 and https://github.com/maekitalo/tntnet/commit/9d1a859e28b78bfbf769689454b529ac7709dee4 Release notes: http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown Reported by: Matthew Daley @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
*tntnet-2.2.1 (23 Jan 2014) 23 Jan 2014; Joerg Bornkessel <hd_brummy@gentoo.org> +tntnet-2.2.1.ebuild: bump; use-flag cgi removed, support removed in source; useflag sdk removed, --with-skd enabled by default, will not compile without sdk support
dev-libs/tntnet-2.2.1 stable amd64, x86
CVE-2013-7299 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7299): framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests.
@maintainers, please remove vulnerable version (1.6.3) from tree.
GLSA Vote: No.
