| Summary: | <net-im/ejabberd-2.1.3: Denial of Service Vulnerability (CVE-2010-0305) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | antoni, caleb, hanno, net-im |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://support.process-one.net/browse/EJAB-1173 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 281366, 327605 | | |
| Bug Blocks: | | | |

Description
Stefan Behte (RETIRED)
2010-03-06 15:35:17 UTC
*** Bug 303016 has been marked as a duplicate of this bug. ***

Rerating B3 for DoS.

Can't see a 2.1.3 release. Does that mean that it's only a planned release, and currently the code is fixed only in git currently?

This will probably need some bumping in http://bugs.gentoo.org/show_bug.cgi?id=281366

Patch: https://support.process-one.net/browse/EJAB-1173;jsessionid=CC9A1D875A20197DD4571444DA8C1EFB?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

https://support.process-one.net/browse/EJAB-1173 says:
Affects Version/s: ejabberd 2.1.2
Fix Version/s: ejabberd 2.1.3
And we got: http://www.ejabberd.im/ejabberd-2.1.3
Please provide an updated ebuild.

Hi Guys, Is there any chance that this would be marked stable soon? Thank you,

We should bump to 2.1.3 ASAP, bug 281366.

Ok, I've bumped and just unmasked 2.1.4 in tree. A week from now if nothing pops up it'll be ok to start stabilization.

arch teams, please, stabilize net-im/ejabberd-2.1.4.

x86: Just a heads up, this is dependent on the ~x86 package shadow-4.1.4.2-r3.

x86: Compiles fine. No errors on running. I *think* it's running alright, but I don't know a ton about jabber.

stable x86, thanks Dane

shadow-4.1.4.2-r3 has a small regression that no one noticed until it went stable. I've added shadow-4.1.4.2-r4 with the small fix.

x86 done again

amd64 done

Vote: no.

I vote YES here.

GLSA Vote: Yes, request filed.

This issue was resolved and addressed in GLSA 201206-10 at http://security.gentoo.org/glsa/glsa-201206-10.xml by GLSA coordinator Stefan Behte (craig).