| Summary: | net-im/tmsnc <0.3.2-r1 UBX Stack-based buffer overflow (CVE-2008-2828) |
|---|---|
| Product: | Gentoo Security |
| Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| CC: | net-im |
| Priority: | High |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487222 |
| Whiteboard: | B2 [maskglsa] |
| Runtime testing required: | --- |
| Bug Depends on: | 240045 |

Description
Robert Buchholz (RETIRED)
2008-06-24 01:49:58 UTC
Created attachment 159737
tmsnc-UBX-buffer-overflow-CVE-2008-2828
Here's the patch from Nico Golde. net-im, please bump as necessary.

(In reply to comment #1)
> Created an attachment (id=159737) [edit]
> tmsnc-UBX-buffer-overflow-CVE-2008-2828
>
> here's the patch from Nico Golde. net-im, please bump as necessary.
>

*ping*

+*tmsnc-0.3.2-r1 (04 Oct 2008) + + 04 Oct 2008; Robert Buchholz <rbu@gentoo.org> + +files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch, + +tmsnc-0.3.2-r1.ebuild: + Fix stack based buffer overflow (security bug #229157) +

Arches, please test and mark stable:
=net-im/tmsnc-0.3.2-r1
Target keywords : "amd64 hppa ppc x86"

Hmm, I get "The protocols doesn't match"[sic] during login. Any ideas?

In June/July there has been a protocol change in ICQ, all ICQ clients were affected. tmsnc is discontinued, their SVN tree (http://tmsnc.svn.sourceforge.net/viewvc/tmsnc/so) is 2 years old. If 0.3.2 does not work anymore, it's very likely we won't get a fix.

Proposed solutions:
a) we fix it
b) remove it from the tree

Also see: http://forums.gentoo.org/viewtopic-t-698545-highlight-licq.html

I guess I should have tried more than a program startup. I'm removing arches, let's remove this.

gone from the tree

glsa still to be sent

GLSA 200903-26