Summary: | net-im/licq < 1.3.6 DoS via large number of connections (CVE-2008-1996) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jjaann, M4rkusXXL, net-im, releng |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Matthias Geerdsen (RETIRED)
2008-04-29 11:38:37 UTC
net-im, please provide an updated ebuild hmpf... any news here? upstream ticket can be found here: http://www.licq.org/ticket/1623 Saving the patch from the ticket to net-im/licq/files/1.3.5-connectionlimit.patch and add: epatch ${FILESDIR}/1.3.5-connectionlimit.patch to the ebuild of 1.3.5 will work. +*licq-1.3.5-r1 (04 Jul 2008) + + 04 Jul 2008; Santiago M. Mola <coldwind@gentoo.org> + +files/licq-1.3.5-gcc43.patch, +files/licq-1.3.5-logonfix.patch, + +files/licq-1.3.5-prevent-dos.patch, +licq-1.3.5-r1.ebuild: + Fix security bug #219708, gcc-4.3 and glibc-4.8 fixes (bugs #218814 and + #228373) and ICQ protocol upgrade (bug #230387). Arches, please test and mark stable: =net-im/licq-1.3.5-r1 Target keywords : "alpha amd64 ia64 ppc release sparc x86" thanks Markus and Santiago x86 stable using 1.3.5 since the beginning of this year... and now 1.3.5-r1 is stable on amd64 ;) ppc stable amd64 stable alpha/ia64/sparc stable time for vote here... AFAICT, It's a client DoS, so voting no. NO, closing. *** Bug 233654 has been marked as a duplicate of this bug. *** |