Bug 44859

Summary:	UUDeview MIME Buffer Overflow
Product:	Gentoo Security	Reporter:	Jeff Patterson <helixj>
Component:	GLSA Errors	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	aliz, condordes, hanno, vapier
Priority:	High	Flags:	plasmaroo: Pending- plasmaroo: Assigned_To? (plasmaroo)
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.securitytracker.com/alerts/2004/Mar/1009291.html
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	uudeview-0.5.20.ebuild

Description Jeff Patterson 2004-03-16 09:16:00 UTC

Versions of uudeview below 0.5.20 are vulnerable to buffer overflows.

Reproducible: Didn't try
Steps to Reproduce:
1.
2.
3.




No ebuild currently exists for uudeview-0.5.20.   Upgrading to 0.5.20 solves
this problem.

Comment 1 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev

2004-03-23 15:12:14 UTC

Created attachment 27891 [details]
uudeview-0.5.20.ebuild

Version bump for uudeview.  I removed the patch that was in uudeview 0.5.18
because it doesn't seem to be applicable anymore.

Comment 2 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev

2004-03-24 20:44:11 UTC

Can someone please test the new ebuild and let me know if anything needs fixing?  (And if it's OK, could a dev please commit it?)

Thanks in advance.

Comment 3 Seemant Kulleen (RETIRED) gentoo-dev

2004-03-26 11:53:17 UTC

so, WHO wants this from the CC list?

Comment 4 Seemant Kulleen (RETIRED) gentoo-dev

2004-03-26 11:59:20 UTC

committed to portage directly as "x86 ~sparc" and removed the older versions

Comment 5 Jason Wever (RETIRED) gentoo-dev

2004-03-26 14:42:57 UTC

Stable on sparc.

Comment 6 Tim Yamin (RETIRED) gentoo-dev

2004-03-28 06:53:04 UTC

Closing bug; GLSA Released: http://article.gmane.org/gmane.linux.gentoo.announce/295