Summary: | net-p2p/linuxdcpp <1.0.1-r2 Two Remote DoS issues (CVE-2008-2953,CVE-2008-2954) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | net-p2p |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/30812/ | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-06-29 18:01:06 UTC
Steven Sheehy of linuxdcpp writes: It does affect linuxdcpp. I have just committed a fix to cvs for this issue. We are hoping to release a new version sometime next month. http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date Upstream fix applied in net-p2p/linuxdcpp-1.0.1-r1. Sorry for not noting earlier, there is another remote DoS: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date Arf, sorry, I actually noted it and for some reason missed its inclusion. Now included in 1.0.1-r2. I hope there's no third because I'll go to bed soon ;-) Arches, please test and mark stable: =net-p2p/linuxdcpp-1.0.1-r2 Target keywords : "amd64 x86" x86 stable amd64 stable, vulnerable version removed from the tree. glsa vote... client DoS, I vote NO. NO, closing. |