opendchub-0.7.14 is vulnerable to people logging in to the provided telnet daemon and speaking in chatrooms as any user they desire. Two things to note are: 1) normally this is firewalled 2) you can also set admin_localhost to 1 in the configuration 0.7.14-r1 with the required patch is about to be put into portage and marked stable on x86 (only architecture this is currently available for). I don't know if a GLSA is required for this. Resources: http://sourceforge.net/forum/forum.php?thread_id=1111511&forum_id=143363 http://sourceforge.net/tracker/index.php?func=detail&aid=997016&group_id=41830&atid=431659
net-p2p/opendchub-0.7.14-r1 now stable on x86 with patch
Security please vote on GLSA and draft if necessary.
**bump** Security please vote. Previous version were marked x86 only. **bump**
I'd say this is fairly low-risk and doesn't need a glsa.
Closing without GLSA.
