51461 – net-misc/cadaver-0.22.1 -- buffer overflow

Bug 51461 - net-misc/cadaver-0.22.1 -- buffer overflow

Summary: net-misc/cadaver-0.22.1 -- buffer overflow

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-05-19 08:52 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2004-05-20 14:02 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-05-19 08:52:13 UTC

From http://www.debian.org/security/2004/dsa-507
Stefan Esser discovered a problem in neon, an HTTP and WebDAV client library, which is also present in cadaver, a command-line client for WebDAV server. User input is copied into variables not large enough for all cases. This can lead to an overflow of a static heap variable.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-05-19 08:54:06 UTC

New version 0.22.2 available. Compiles cleanly with a version bump.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2004-05-19 14:10:27 UTC

plasmaroo : no maintainer, and you did the last security bump. Do you think you can bump this one too ?

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2004-05-19 14:46:04 UTC

Now in Portage. I've kept the "x86 ~sparc ~ppc" KEYWORDS since that's how they were for the previous version; since the ~-KEYWORDS were added after the previous fixed version was issued.

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2004-05-20 14:02:06 UTC

GLSA 200405-15