Summary: | net-nntp/pan <0.132-r3 Buffer overflow parsing *.nzb files (CVE-2008-2363)
---|---
Product: | Gentoo Security
Reporter: | Duncan <1i5t5.duncan>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
CC: | gnome, net-news, releng
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://bugzilla.gnome.org/show_bug.cgi?id=535413
Whiteboard: | B2 [glsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 195543, 227679
Bug Blocks: |
Description
Duncan
2008-05-29 07:24:08 UTC
The patch as in RH bugzilla is now verified to apply without issue, and I'm running the resulting binary with no observed issues either, although I've obviously not been running it but a few minutes so far. Actually, I applied against a live SVN version ebuild I have in overlay, but SVN's only very slightly changed from 0.132 (and hasn't budged in months) and I'm using the patches Gentoo uses in the pan ebuild in the tree. Additionally, the patch on RH's bugz was against 0.132. Thus, it shouldn't have any issues against the tree's 0.132 either.

net-news/gnome, please bump as necessary.

Created attachment 155169
patch from RedHat bugzilla

Attaching the patch here for our reference. I've tested it and it seems to work.

I have committed net-nntp/pan-0.132-r3 to the tree, including the patch. I have requested stabilization of this revision for other reasons on Bug 227679.

Sorry, we just missed the comment about this ebuild being committed. Thanks for the stable request.

0.14.2 is not affected since it does not support NZB loading. So if sparc decides not to upgrade to the 0.132 branch, that is fine for security.

So only hppa and ppc are missing.

Adding release to this bug to merge in new version.

ppc, please test and mark stable =net-nntp/pan-0.132-r3

ppc stable

GLSA 200807-15