Summary: | <net-irc/bip-0.8.5-r1: Denial of Service Vulnerability (CVE-2010-3071)
---|---
Product: | Gentoo Security
Reporter: | Tim Sammut (RETIRED) <underling>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | minor
CC: | a3li, endymion+gentoo
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://secunia.com/advisories/41285/
Whiteboard: | B3 [glsa]
Package list: |
Runtime testing required: | ---
Description
Tim Sammut (RETIRED)
2010-09-07 03:45:15 UTC
This has been assigned CVE-2010-3071.

Created attachment 246608: patch

I'll apply the attached patch to our ebuild. It's not approved by upstream, but nohar isn't responding at the moment and this DoS might get very annoying as there is no authentication needed to exploit it.

Arches, please test and mark stable:
=net-irc/bip-0.8.5-r1
Target keywords : "amd64 x86"

Builds and runs fine on x86. Please mark stable for x86.

x86 stable, thanks Myckel

amd64 done

There's a 0.8.6 version which fixes the bug. The patch was backported and released as net-irc/bip-0.8.5-r1.

GLSA vote: yes.

GLSA Vote: Yes, remote DoS in a multi-user service. GLSA request filed.

This issue was resolved and addressed in GLSA 201201-18 at http://security.gentoo.org/glsa/glsa-201201-18.xml by GLSA coordinator Alex Legler (a3li).