
Bug 576916 (CVE-2015-8833)

Summary: <x11-plugins/pidgin-otr-4.0.2: Use after free when authenticating buddy
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: polynomial-c
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
Whiteboard: A2 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 576914    
Bug Blocks:    

Description Hanno Böck gentoo-dev 2016-03-09 21:32:08 UTC
pidgin-otr 4.0.2 fixes a heap use after free bug. This is already patched in the 4.0.1-r1 ebuild, but 4.0.2 is also already in the tree, so I'd prefer we stabilize the new release.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2016-03-09 21:53:53 UTC
Arches please test and mark stable =x11-plugins/pidgin-otr-4.0.2 with target KEYWORDS:

amd64 ppc ppc64 sparc x86
Comment 2 Agostino Sarubbo gentoo-dev 2016-03-10 16:16:44 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-03-10 16:17:25 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-03-16 12:08:38 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-03-17 11:35:31 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-03-19 11:40:40 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 7 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2016-03-20 17:25:53 UTC
commit c7e3269c2bd2d9e206f4d1378d4b0a5fd4007a7f
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sun Mar 20 18:17:07 2016

    x11-plugins/pidgin-otr: Security cleanup (bug #576916).

    Package-Manager: portage-2.2.28
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2017-01-02 14:22:48 UTC
This issue was resolved and addressed in
 GLSA 201701-10 at https://security.gentoo.org/glsa/201701-10
by GLSA coordinator Thomas Deutschmann (whissi).