Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 262550 (CVE-2009-0585)

Summary: <net-libs/libsoup-{2.2.x,2.24} Integer overflow (CVE-2009-0585)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: gnome
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
Whiteboard: B2 [ebuild?]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-15 11:37:56 UTC 
CVE-2009-0585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0585):
  Integer overflow in the soup_base64_encode function in soup-misc.c in
  libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows
  context-dependent attackers to execute arbitrary code via a long
  string that is converted to a base64 representation.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-03-15 13:31:51 UTC 
Those versions are long gone (2005'ish).
Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev 2009-03-15 21:00:53 UTC 
the summary sounded strange so I read the cve report, it is talking about <2.2:2.2 and <2.4:2.4 so we are indeed ok.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-15 22:05:59 UTC 
Sorry, 2.4.1 sounded smaller than 2.24, and I didn't investigate... :/
Comment 4 Gilles Dartiguelongue (RETIRED) gentoo-dev 2009-03-15 22:46:00 UTC 
no problem better be aware of something that could have been a problem than not of one that is :).