Bug 114070

Summary:	<=net-im/kadu-0.4.2 format string vulnerabilities
Product:	Gentoo Security	Reporter:	Karol Wojtaszek (RETIRED) <sekretarz>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	mkay
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3? [noglsa]
Package list:		Runtime testing required:	---

Description Karol Wojtaszek (RETIRED) gentoo-dev

2005-11-30 14:14:22 UTC

Micha&#322; Gizowski has found remote DoS in net-im/kadu. More information:
http://www.security.nnov.ru/Kdocument422.html. I've just added kadu-0.4.3 to
portage, which fixes this bug. We need to push it stable.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-12-01 00:30:09 UTC

If it's true format string, it should allow more than just DoS...

Comment 2 Chris White (RETIRED) gentoo-dev

2005-12-01 03:12:47 UTC

x86 stable, thanks to muchar for helping me test it.

Comment 3 Luis Medinas (RETIRED) gentoo-dev

2005-12-01 12:51:18 UTC

amd64 done

Comment 4 Joe Jezak (RETIRED) gentoo-dev

2005-12-02 01:15:40 UTC

Marked ppc stable.

Comment 5 Marcin Kryczek (RETIRED) gentoo-dev

2005-12-02 01:34:56 UTC

all archs done. closing

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-02 01:37:54 UTC

Reopening for GLSA decision. I tend to vote no.

Comment 7 Thierry Carrez (RETIRED) gentoo-dev

2005-12-03 08:25:42 UTC

That's not format string, hence the DoS-only thing. Voting no and closing
without GLSA, feel free to rteopen if you intended to vote yes.