Summary: | <media-sound/mt-daapd-0.2.4.2: ws_getpostvars() Integer overflow (CVE-2008-1771) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | major | CC: | akshayushah, sound |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476241 | ||
Whiteboard: | B1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-04-16 17:32:40 UTC
nion proposed a fix for the 0.9 svn trunk.
http://people.debian.org/~nion/nmu-diff/mt-daapd-0.9~r1696-1.2_0.9~r1696-1.3.patch

0.2.4.2 was released with a fix. Please update the ebuild

(In reply to comment #2)
> 0.2.4.2 was released with a fix. Please update the ebuild
>
*ping*

+*mt-daapd-0.2.4.2 (06 Jul 2008) + + 06 Jul 2008; Peter Alfredsen <loki_val@gentoo.org> + +files/mt-daapd-0.2.4.2-maintainer-mode.patch, +mt-daapd-0.2.4.2.ebuild: + Security bump for CVE-2008-1771 wrt bug #217986. +

Arches, please test and mark stable:
=media-sound/mt-daapd-0.2.4.2
Target keywords : "amd64 arm ppc sh sparc x86"

amd64/x86 stable

ppc stable

sparc stable

arches stable... ready for GLSA But there is still bug 204063, could someone verify if this version is still affected by that issue or not please. To me it appeared to be.

arm/sh stable

I would like to issue a glsa for it, since the severity of the current bug is higher than bug 204063.

GLSA request was filed (but no one wrote the glsa yet).

Fixed long time ago