Bug 277878

Summary:	dev-lang/mono XML signature HMAC truncation authentication bypass (CVE-2009-0217)
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	dotnet
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:	277872, 284306
Bug Blocks:

Description Robert Buchholz (RETIRED) gentoo-dev

2009-07-15 00:57:14 UTC

+++ This bug was initially created as a clone of Bug #277872 +++
Please see the blocker for vulnerability details.

Patches:
http://anonsvn.mono-project.com/viewvc/?view=rev&revision=137886 (trunk)
http://anonsvn.mono-project.com/viewvc/?view=rev&revision=137887 (2.4)
http://anonsvn.mono-project.com/viewvc/?view=rev&revision=137888 (2.0)
http://anonsvn.mono-project.com/viewvc/?view=rev&revision=137889 (1.9)
http://anonsvn.mono-project.com/viewvc/?view=rev&revision=137890 (1.2.5)
http://anonsvn.mono-project.com/viewvc/?view=rev&revision=137891 (1.2.2)
http://anonsvn.mono-project.com/viewvc/?view=rev&revision=137892 (1.1.7)

Comment 1 Peter Alfredsen (RETIRED) gentoo-dev

2009-10-15 15:21:36 UTC

All arches stable in bug 284306. security@, this is yours now.

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2009-10-15 16:50:27 UTC

Ready to vote, I vote YES.

Comment 3 Tobias Heinlein (RETIRED) gentoo-dev

2010-08-14 14:22:41 UTC

YES too, request filed.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2012-06-21 20:53:28 UTC

This issue was resolved and addressed in
 GLSA 201206-13 at http://security.gentoo.org/glsa/glsa-201206-13.xml
by GLSA coordinator Tobias Heinlein (keytoaster).