Summary: | net-misc/zebedee: Denial of Service | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bill Kenworthy <bill> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | vanquirius |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://sourceforge.net/projects/zebedee | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Bill Kenworthy
2005-09-06 23:34:22 UTC
Bumped both versions in cvs, 2.4.1-r1 is x86 stable because of the DOS vulnerability. Thanks for reporting! More info on the other DoS issue here: http://www.securityfocus.com/archive/1/410157/30/0/ zebedee-2.5.3 stable on alpha Time for GLSA decision on this one. I tend to vote NO. This is a untrusted-network-facing service so I tend to vote yes. Well if no auth is necessary I agree with half YES. I would vote a weak YES. Let's have one. zebedee is still missing x86 stable keyword. 2.4.1-r1 is stable on x86. What version needs to be stabilized, then? Exactly: 2.4.x is the stable branch and 2.5.x is the development branch. 2.4.1A (2.4.1-r1) fixes the issue for 2.4.1 and 2.5.3 fixes the issue for 2.5.2. Oops, sorry for the confusion. zebedee depends on zlib so this is just about the DoS. GLSA 200509-14 s390 should mark stable to benefit from GLSA |