Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 227053

Summary: media-video/motion <3.2.10.1 HTTP Buffer overflow (CVE-2008-2654)
Product: Gentoo Security Reporter: Pierre-Yves Rofes (RETIRED) <py>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: media-video, releng
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/30544/
Whiteboard: B/C1? [glsa]
Package list:
Runtime testing required: ---

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-06-14 21:56:33 UTC
See $URL for details.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-06-14 22:03:04 UTC
patches can be found here:
3.2.9:
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff
3.2.10
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff

media-video, please bump as necessary.btw, the advisory mentions that the HTTP interface needs to be enabled, is it our default setup?
Comment 2 Alexis Ballier gentoo-dev 2008-06-20 21:47:20 UTC
3.2.10.1 added and should be fixed
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-06-21 02:28:35 UTC
Arches, please test and mark stable:
=media-video/motion-3.2.10.1
Target keywords : "amd64 release"
Comment 4 Markus Meier gentoo-dev 2008-06-22 11:30:31 UTC
amd64 stable, all arches done.
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2008-07-03 14:20:40 UTC
GLSA 200807-02