Bug 219708 (CVE-2008-1996)

Comment 1 Matthias Geerdsen (RETIRED) 2008-04-29 11:46:30 UTC

net-im, please provide an updated ebuild

Comment 2 Matthias Geerdsen (RETIRED) 2008-06-17 12:03:39 UTC

hmpf...

any news here?
upstream ticket can be found here: http://www.licq.org/ticket/1623

Saving the patch from the ticket to net-im/licq/files/1.3.5-connectionlimit.patch and add:
epatch ${FILESDIR}/1.3.5-connectionlimit.patch
to the ebuild of 1.3.5 will work.

Comment 4 Santiago M. Mola (RETIRED) 2008-07-04 15:19:43 UTC

+*licq-1.3.5-r1 (04 Jul 2008)
+
+  04 Jul 2008; Santiago M. Mola <coldwind@gentoo.org>
+  +files/licq-1.3.5-gcc43.patch, +files/licq-1.3.5-logonfix.patch,
+  +files/licq-1.3.5-prevent-dos.patch, +licq-1.3.5-r1.ebuild:
+  Fix security bug #219708, gcc-4.3 and glibc-4.8 fixes (bugs #218814 and
+  #228373) and ICQ protocol upgrade (bug #230387).

Comment 5 Matthias Geerdsen (RETIRED) 2008-07-04 15:26:41 UTC

Arches, please test and mark stable:
=net-im/licq-1.3.5-r1
Target keywords : "alpha amd64 ia64 ppc release sparc x86"

Comment 6 Matthias Geerdsen (RETIRED) 2008-07-04 15:28:17 UTC

thanks Markus and Santiago

Comment 7 Christian Faulhammer (RETIRED) 2008-07-04 18:39:32 UTC

x86 stable

using 1.3.5 since the beginning of this year... and now 1.3.5-r1 is stable on amd64 ;)

Comment 9 Tobias Scherbaum (RETIRED) 2008-07-05 10:28:54 UTC

ppc stable

Comment 10 Markus Meier 2008-07-05 15:55:16 UTC

amd64 stable

Comment 11 Raúl Porcel (RETIRED) 2008-07-05 16:48:05 UTC

alpha/ia64/sparc stable

Comment 12 Pierre-Yves Rofes (RETIRED) 2008-07-06 18:12:58 UTC

time for vote here... AFAICT, It's a client DoS, so voting no.

Comment 13 Robert Buchholz (RETIRED) 2008-07-06 21:28:28 UTC

NO, closing.

Comment 14 Pierre-Yves Rofes (RETIRED) 2008-08-02 10:53:41 UTC

*** Bug 233654 has been marked as a duplicate of this bug. ***