Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 48448

Summary: net-misc/neon-0.24.4: Multiple format string vulnerabilities in neon 0.24.4 and earlier.
Product: Gentoo Security Reporter: Jani Averbach <jaa>
Component: GLSA ErrorsAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: blocker CC: pauldv
Priority: Highest    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179
Whiteboard:
Package list:
Runtime testing required: ---

Description Jani Averbach 2004-04-20 03:53:19 UTC 
There is a new version of neon (0.24.5) out there.
I just copied neon-0.24.4.ebuild -> neon-0.24.5.ebuild, and upgrade
went without hitch (amd64).

http://www.webdav.org/neon/


Reproducible: Always
Steps to Reproduce:
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2004-04-20 03:57:07 UTC 
Paul -- Mind looking at this and bumping as necessary?
Comment 2 Kurt Lieber (RETIRED) gentoo-dev 2004-04-20 04:10:03 UTC 
glsa drafted for this in case we end up needing it.
Comment 3 Paul de Vrieze (RETIRED) gentoo-dev 2004-04-27 01:14:44 UTC 
I'm now working on the updated version. Get ready for the GLSA
Comment 4 Paul de Vrieze (RETIRED) gentoo-dev 2004-04-27 01:21:33 UTC 
I've just committed 0.24.5 which is supposed to be safe, so please release a GLSA
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-04-27 01:29:55 UTC 
Thanks Paul.
This is GLSA-ready. klieber: I reviewed your draft, it's OK for me.
-K
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-05-09 10:45:35 UTC 
GLSA 200405-01