
Bug 134960

Summary: net-misc/hashcash: potential heap overflow
Product: Gentoo Security
Reporter: Tavis Ormandy (RETIRED) <taviso>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://article.gmane.org/gmane.mail.spam.hashcash/837
Whiteboard: B1? [glsa] DerCorny
Package list:
Runtime testing required: ---

Description Tavis Ormandy (RETIRED) gentoo-dev 2006-05-30 14:09:23 UTC
hashcash < 1.21 is apparently vulnerable to a heap overflow
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-11 14:23:07 UTC
Hi kloeri, can you provide a new ebuild (-1.21) if needed and possible? Thanks in advance.
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2006-06-13 02:14:28 UTC
kloeri please bump, this one is pretty late ...
Comment 3 Bryan Østergaard (RETIRED) gentoo-dev 2006-06-14 10:03:08 UTC
1.22 in cvs now.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-14 10:45:25 UTC
Thx Bryan,

x86 please test and mark stable.
Comment 5 Andrej Kacian (RETIRED) gentoo-dev 2006-06-19 13:32:56 UTC
x86 stable.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-19 23:46:37 UTC
Rerating, feel free to correct if I'm wrong. I'm not too familiar with hashcash.
Comment 7 Wolf Giesen (RETIRED) gentoo-dev 2006-06-20 00:06:12 UTC
Without further details available, I'd follow you upping the rating.
Comment 8 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-20 01:25:10 UTC
I guess it is a bit like spamassassin or bogofilter.

I've just updated the severity in the draft.
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2006-06-26 12:14:43 UTC
Sent as GLSA 200606-25