Summary: | <gnome-extra/evolution-data-server-2.24.5-r2 NTLM SASL authentication memory disclosure flaw (CVE-2009-0582)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Robert Buchholz (RETIRED) <rbu>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | minor
Priority: | High
CC: | craig, gnome
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=487685
Whiteboard: | B3 [noglsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 262555
Bug Blocks: | 238650
Description
Robert Buchholz (RETIRED)
2009-03-04 18:20:37 UTC
Created attachment 183910 [details, diff]
evolution-data-server-CVE-2009-0582.patch
Created attachment 184279 [details]
2.24.5 ebuild applying patch

Here is evolution-data-server-2.24.5-r2 that applies the above patch. I've tested that it doesn't break anything I use (but I don't have access to NTLM S/MIME server authentication). Note that this is based on 2.24.5-r1 from bug #258867 which was committed today, but is not yet stable. Any arch that is stabilizing 2.24 from bug #260063 will need to test this. I can't test 2.22.3 until Monday when I get back to work; I'll post an ebuild for that then.

Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

CC'ing current Liaisons:
alpha : yoswink, armin76
amd64 : keytoaster, tester
hppa : jer
ppc : dertobi123
ppc64 : corsair
sparc : fmccor
x86 : maekke, armin76

Assuming you plan to do bug #260063 soon. If not, you'll have to wait until Monday for a 2.22 version.

public via URL.

added evolution-data-server-2.24.5-r2 to the tree, and marked stable for amd64.

Arches, please test and mark stable:
=gnome-extra/evolution-data-server-2.24.5-r2
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Already stabled : "amd64"
Missing keywords: "alpha arm hppa ia64 ppc ppc64 sparc x86"

*** Bug 262549 has been marked as a duplicate of this bug. ***

ppc64 done

x86 stable

ppc done

alpha/ia64 stable

sparc stable

Re-rating B3, it's either a DoS or memory disclosure, no code execution here.

Hppa, any problem here?

arm stable

Stable for HPPA (filed under bug #260063).

Ready for vote, I vote YES.

YES, request filed

ping ?

all of gnome 2.24 is going away soon.

This issue has been fixed since Apr 27, 2009. No GLSA will be issued.