Summary: | net-misc/openswan: Two Buffer Overflow Vulnerabilities (CVE-2010-{3302,3308}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mmokrejs, mrness |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openswan.org/security/CVE-2010-3302.php | ||
Whiteboard: | B2 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2010-10-04 03:18:00 UTC
Hi, mrness. Since we do not have any 2.6 ebuilds stabilized, would you like to investigate the impact to 2.4.15? Or should we work to stabilize 2.6.29? Thanks! We need to investigate the impact on 2.4.x because that will determine if we have to write a GLSA! If there never was a vulnerable version stable, we won't have to write one. According to these two pages http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt these issues do not affect openswan 2.4. For openswan 2.6 which is currently ~arch, net-misc/openswan-2.6.29 is fixed and is already in the tree. Closing noglsa. *** Bug 350104 has been marked as a duplicate of this bug. *** |