Bug 51490

Summary:	net-misc/neon <= 0.24.5 date parsing vulnerability
Product:	Gentoo Security	Reporter:	Tobias Weisserth <tobias>
Component:	GLSA Errors	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	pauldv
Priority:	High	Flags:	koon: Assigned_To? (koon)
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://security.e-matters.de/advisories/062004.html
Whiteboard:
Package list:		Runtime testing required:	---

Description Tobias Weisserth 2004-05-19 10:53:18 UTC

See advisory here:

http://security.e-matters.de/advisories/062004.html

Debian has already issued new packages and an advisory:

http://www.debian.org/security/2004/dsa-506

This bug also affects "cadaver":

http://www.debian.org/security/2004/dsa-507

I'll open another bug for this.

Tobias

Reproducible: Always
Steps to Reproduce:

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-05-19 14:06:32 UTC

This one is for pauldv too :)
Waiting for a bump to 0.24.6.

Comment 2 Paul de Vrieze (RETIRED) gentoo-dev

2004-05-19 15:01:52 UTC

I just committed 0.24.6 to testing. I'll mark it stable tomorrow if nothing turns up

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2004-05-20 10:32:57 UTC

0.24.6 has been made stable on major arches, so this is ready for a GLSA draft too.

s390 : please mark stable to benefit from the future GLSA.

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2004-05-20 10:49:39 UTC

GLSA drafted

Comment 5 Thierry Carrez (RETIRED) gentoo-dev

2004-05-20 11:42:16 UTC

GLSA 200405-13

Comment 6 Michael McCabe (RETIRED) gentoo-dev

2004-05-20 17:58:58 UTC

Stable on s390