Bug 314699 (CVE-2010-1100)

Summary:	www-client/arora: Integer overflow (CVE-2010-1100)
Product:	Gentoo Security	Reporter:	Tomás Touceda (RETIRED) <chiiph>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	minor	CC:	qt
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://code.google.com/p/arora/
Whiteboard:
Package list:		Runtime testing required:	---

Description Tomás Touceda (RETIRED) gentoo-dev

2010-04-11 15:02:15 UTC

CVE-2010-1100 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1100):
  Integer overflow in Arora allows remote attackers to bypass intended
  port restrictions on outbound TCP connections via a port number
  outside the range of the unsigned short data type, as demonstrated by
  a value of 65561 for TCP port 25.

Comment 1 Ben de Groot (RETIRED) gentoo-dev

2010-04-12 11:23:35 UTC

http://security-tracker.debian.org/tracker/CVE-2010-1100 notes:
Advisory is wrong, URL range is protected by QUrl

Comment 2 Davide Pesavento (RETIRED) gentoo-dev

2011-11-20 14:21:57 UTC

(In reply to comment #1)
> http://security-tracker.debian.org/tracker/CVE-2010-1100 notes:
> Advisory is wrong, URL range is protected by QUrl

So, is this invalid?

Comment 3 Tim Sammut (RETIRED) gentoo-dev

2011-12-08 23:54:41 UTC

@qt, thoughts on this? Thanks!

Comment 4 Markos Chandras (RETIRED) gentoo-dev

2012-02-02 08:30:49 UTC

I believe the advisory is wrong yes

Comment 5 Tim Sammut (RETIRED) gentoo-dev

2012-02-02 15:34:15 UTC

Ok, thanks. Marking this as invalid.