Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 234715 (CVE-2008-3688)

Summary: net-proxy/havp < 0.89 sockethandler.cpp Infinite loop DoS (CVE-2008-3688)
Product: Gentoo Security Reporter: Per Pomsel <phantom4>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: net-proxy+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa] Falco
Package list:
Runtime testing required: ---

Description Per Pomsel 2008-08-14 09:16:43 UTC
Version 0.89 of HAVP is out.

Reproducible: Always
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-08-14 14:56:02 UTC
HAVP 0.89 released
- Fix possible retry loop and hang (thanks to Peter Warasin @
- Always send Via: header, fixes some IIS problems (e.g. MSNBC)

I took the liberty of bumping it since there is no significative change.

And it seems it has a security impact. So, reassigning to security.

Original advisory is here:
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-08-14 14:58:48 UTC
Hi AMD64 team and X86 team, please could you test & stabilize net-proxy/havp-0.89, thanks.
Comment 3 Markus Meier gentoo-dev 2008-08-15 18:17:40 UTC
amd64/x86 stable, all arches done.
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-08-17 22:35:27 UTC
Thanks. Time to vote.

I would vote glsa because that kind of DoS is really easy to trigger. But half-yes because of the weak distribution of that software.
Comment 5 Matt Drew (RETIRED) gentoo-dev 2008-09-08 17:07:41 UTC
I'll vote yes, because it's a security-specific application - the people that ARE using it need to know.
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-18 21:30:21 UTC
yes too, request filed.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-21 17:35:29 UTC
GLSA 200809-11