Summary: | app-text/gv: Exploitable Buffer Overflow (CAN-2002-0838) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Chris White (RETIRED) <chriswhite> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | lanius |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838 | ||
Whiteboard: | B2 [glsa] | ||
Description
Chris White (RETIRED)
2004-08-04 05:16:35 UTC
Finally found the patch for the gv exploits: http://freshmeat.net/articles/view/587/

no specific maintainer though, just the printing herd.

gv-3.5.8-r4 uses the latest gv Debian patch, so I suppose this is fixed in that version. lanius: could you check the version the above fix is in? Is it just 3.5.8-r4 or did it appear before?

it's only fixed in -r4, marked stable on x86

other arches please test

Stable on sparc.

Stable on amd64.

Stable on alpha.

lu_zero thx for the ppc stable marking

GLSA 200408-10

NOTE: The Infohacking Advisory quoted here appears to be a hoax. However the bug we actually fixed is indeed the two year old iDEFENSE vulnerability (CAN-2002-0838). Apparently that vulnerability was unpatched until this (hoax) alert brought it to our attention. We applied the Debian patch for this vulnerability as our fix, so we are now, a couple years behind, fully patched. So, yes, we did fix a vulnerability, and yes, it was the old iDEFENSE vulnerability.