Bug 285011 (CVE-2008-7224)

Summary:	<www-client/elinks-0.11.5 DoS (CVE-2008-7224)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	spock
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347
Whiteboard:	B4 [noglsa]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2009-09-14 22:22:37 UTC

CVE-2008-7224 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7224):
  Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows
  remote attackers to cause a denial of service (crash) via a crafted
  link.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-09-14 22:23:33 UTC

It seems we just have to remove older ebuilds.

Comment 2 Michal Januszewski (RETIRED) gentoo-dev

2009-09-23 20:33:48 UTC

Please feel free to remove 0.11.3 and 0.11.4 if that is necessary to fix this bug.

Comment 3 Alex Legler (RETIRED) archtester

2009-09-23 20:39:56 UTC

(In reply to comment #2)
> Please feel free to remove 0.11.3 and 0.11.4 if that is necessary to fix this
> bug.
> 

Usually this is the maintainer's task. I did it for you this time, next time we ask you to do it yourself.

Client DoS -> noglsa. Closing.