Summary: | <net-libs/libgadu-1.11.4: memory corruption (CVE-2014-3775) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | net-im, reavertm |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/05/15/8 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-05-19 07:38:23 UTC
libgadu-1.11.4 and 1.12.0 are in tree. =net-libs/libgadu-1.11.4 should be stabilized also because of bug 505558. Being stabilized as part of bug #505558 CVE-2014-3775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3775): libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message. Arches, Thank you for your work Maintainer(s), please drop the vulnerable version(s). Added to existing GLSA Request This issue was resolved and addressed in GLSA 201508-02 at https://security.gentoo.org/glsa/201508-02 by GLSA coordinator Yury German (BlueKnight). |