Summary: | <net-libs/libgadu-1.11.4: Integer overflow (CVE-2013-6487) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Piotr Szymaniak <bugzie> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | net-im, reavertm |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Piotr Szymaniak
2014-03-24 16:20:29 UTC
thanks for the report.

I know this isn't some high priority, used widely package, but the fix is something like: mv libgadu-1.11.{2,3}.ebuild and it's been over a month… ;)

*libgadu-1.11.3 (06 May 2014)

06 May 2014; Manuel Rüger <mrueg@gentoo.org> +libgadu-1.11.3.ebuild, -libgadu-1.11.2.ebuild:
Version bump. See bug #505558

Ebuild in tree. Package has stable keywords. Stabilization required, before removing vulnerable versions. Please advise when ready to proceed with stabilization.

=net-libs/libgadu-1.11.4 is ready to be stabilized. libgadu-1.11.4 instead of 1.11.3, because of bug 510714.

Arches, please test and mark stable:
=net-libs/libgadu-1.11.4
Target Keywords : "alpha amd64 hppa ia64 ppc ppc64 spark x86"
Thank you!

Stable for HPPA.

amd64 stable

x86 stable

ia64 stable

ppc64 stable

ppc stable

alpha stable

CVE-2013-6487 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6487): Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

sparc stable

New stable has regression: bug #520946

missing arm..

arm stable, all arches done.

Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version(s).
New GLSA Request filed.

Affected versions dropped.

Thanks, Maciej!

This issue was resolved and addressed in GLSA 201508-02 at https://security.gentoo.org/glsa/201508-02 by GLSA coordinator Yury German (BlueKnight).