Bug 240308 (CVE-2008-3834)

Comment 1 Robert Buchholz (RETIRED) 2008-10-06 18:30:22 UTC

Arches, please test and mark stable:
=sys-apps/dbus-1.2.3-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Comment 2 Markus Rothe (RETIRED) 2008-10-06 20:11:29 UTC

ppc64 stable

Comment 3 Markus Meier 2008-10-06 20:21:48 UTC

amd64/x86 stable

Comment 4 Jeroen Roovers (RETIRED) 2008-10-07 02:55:44 UTC

Stable for HPPA.

Comment 5 Friedrich Oslage (RETIRED) 2008-10-07 20:33:54 UTC

sparc stable

Comment 6 Raúl Porcel (RETIRED) 2008-10-08 09:08:43 UTC

alpha/ia64 stable

Comment 7 Stefan Behte (RETIRED) 2008-10-08 12:16:45 UTC

CVE-2008-3834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3834):
  The dbus_signature_validate function in the D-bus library (libdbus)
  before 1.2.4 allows remote attackers to cause a denial of service
  (application abort) via a message containing a malformed signature,
  which triggers a failed assertion error.

Comment 8 Tobias Scherbaum (RETIRED) 2008-10-11 17:58:48 UTC

ppc stable

Comment 9 Tobias Heinlein (RETIRED) 2008-10-13 18:56:02 UTC

Ready for vote, I vote YES.

Comment 10 Robert Buchholz (RETIRED) 2008-11-26 18:43:46 UTC

Ok, YES then.

Comment 11 Raúl Porcel (RETIRED) 2009-01-04 17:49:03 UTC

arm/s390/sh stable

Comment 12 Robert Buchholz (RETIRED) 2009-01-11 00:49:14 UTC

GLSA 200901-04