
Bug 193173

Summary: sys-fs/inotify-tools: inotifytools_snprintf() Buffer Overflow Vulnerability (CVE-2007-5037)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: wschlich
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/26825/
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-09-20 13:01:41 UTC
From Secunia:
  A vulnerability has been reported in inotify-tools, which can potentially
  be exploited by malicious users to compromise an application using the
  library... The vulnerability is reported in versions prior to 3.11.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-09-20 13:03:35 UTC
Wolfram, please provide an updated ebuild and remove affected versions if that's possible.
Comment 2 Wolfram Schlich (RETIRED) gentoo-dev 2007-09-20 23:39:03 UTC
3.11 is in the tree, all previous ones have been removed (none of them was stable on any architecture anyway).
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-09-20 23:48:24 UTC
Thanks a lot, Wolfram. Always a pleasure. :-)