Summary: | net-irc/bitchx-1.1-r4 stack smashing attack in convert_output_format_raw | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Target <target> |
Component: | Current packages | Assignee: | Packages in net-irc <net-irc> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | CC: | gentoo, gentoobugs.eddieparker, hardened |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | stack trace of bitchx smashing stack and being terminated |
Description
Target
2007-12-17 14:25:13 UTC
Created attachment 138735 [details]
stack trace of bitchx smashing stack and being terminated
Adding myself to the CC list. I'm seeing this as well, and I'd like to use BitchX again, when this issue is resolved. # Markus Ullmann <jokey@gentoo.org> (07 Jul 2008) # mask for security bug #190667 (CVE-2007-{4584,5839}) # and for various other build problems (bug #425634) # # both CVEs are fixed in upstream version control as per: # http://bitchx.svn.sourceforge.net/svnroot/bitchx/trunk/Changelog net-irc/bitchx Maybe time to treeclean (In reply to Pacho Ramos from comment #4) > # Markus Ullmann <jokey@gentoo.org> (07 Jul 2008) > # mask for security bug #190667 (CVE-2007-{4584,5839}) > # and for various other build problems (bug #425634) > # > # both CVEs are fixed in upstream version control as per: > # http://bitchx.svn.sourceforge.net/svnroot/bitchx/trunk/Changelog > net-irc/bitchx > > Maybe time to treeclean No, bitchx-1.2 has been released and is in Portage and far as I know, it resolves all known security issues. removed |