Summary: | net-libs/libgadu<1.8.2 contact description DOS (CVE-2008-4776) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bugzie, net-im, ole+gentoo |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 244424 | ||
Bug Blocks: | 264607, 264613 |
Description
Stefan Behte (RETIRED)
2008-10-29 14:05:21 UTC
Any word on an updated ebuild? The goal for a B4 fix is 20 days. https://bugzilla.redhat.com/show_bug.cgi?id=468830 Fix: https://bugzilla.redhat.com/attachment.cgi?id=321690 *PING* as timeline for B4 is 40 days This bug should be merged with version bump request in bug #244424 maybe? *libgadu-1.8.2 (04 Feb 2009) 04 Feb 2009; Robert Buchholz <rbu@gentoo.org> -libgadu-1.7.0_pre20050719.ebuild, -libgadu-1.7.0.ebuild, -libgadu-1.8.0.ebuild, +libgadu-1.8.2.ebuild: Version bump (bug #244424), fixing a buffer overread vulnerability (bug #244888) Arches, please test and mark stable: =net-libs/libgadu-1.8.2 Target keywords : "alpha amd64 hppa ia64 ppc sparc x86" Stable on alpha. Stable for HPPA. For anyone who missed that, bug 245572 has kadu waiting for your stable markings as well. amd64/x86 stable ia64/sparc stable ppc stable vote: NO, as this is a client library. "Successful exploitation would require a man-in-the-middle attack or hacking the Gadu-Gadu servers. No known exploits." That's why voting no, too. Closing noglsa. |