Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 48448

Summary: net-misc/neon-0.24.4: Multiple format string vulnerabilities in neon 0.24.4 and earlier.
Product: Gentoo Security Reporter: Jani Averbach <jaa>
Component: GLSA ErrorsAssignee: Gentoo Security <security>
Severity: blocker CC: pauldv
Priority: Highest    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description Jani Averbach 2004-04-20 03:53:19 UTC
There is a new version of neon (0.24.5) out there.
I just copied neon-0.24.4.ebuild -> neon-0.24.5.ebuild, and upgrade
went without hitch (amd64).

Reproducible: Always
Steps to Reproduce:
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2004-04-20 03:57:07 UTC
Paul -- Mind looking at this and bumping as necessary?
Comment 2 Kurt Lieber (RETIRED) gentoo-dev 2004-04-20 04:10:03 UTC
glsa drafted for this in case we end up needing it.
Comment 3 Paul de Vrieze (RETIRED) gentoo-dev 2004-04-27 01:14:44 UTC
I'm now working on the updated version. Get ready for the GLSA
Comment 4 Paul de Vrieze (RETIRED) gentoo-dev 2004-04-27 01:21:33 UTC
I've just committed 0.24.5 which is supposed to be safe, so please release a GLSA
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-04-27 01:29:55 UTC
Thanks Paul.
This is GLSA-ready. klieber: I reviewed your draft, it's OK for me.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-05-09 10:45:35 UTC
GLSA 200405-01