Summary: | net-im/gaim MSN Protocol Parsing Function Multiple Overflows | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | CC: | gaim-bugs | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
URL: | http://www.osvdb.org/displayvuln.php?osvdb_id=8382 | ||||||
Whiteboard: | A1 [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2004-08-11 00:13:54 UTC
Unclear if this is fixed in gaim-0.81. Created attachment 37199 [details]
Rats log for assessing the security issues.
Here's a rats log which might help in addressing the security issue. There
appears to be a lot of High ranking bugs in it. I'll take a look and see.
I'll ask upstream and report back. Chris did you run RATS against the 0.81 package? Upstream identified potential exploits from SuSE, one had already been fixed, other is patched in their CVS and now in net-im/gaim-0.81-r1, just committed to portage. Thinking about ARCH vs ~ARCH, right now 0.80 is stable on all. I was going to start pushing 0.81 later this week. Should make that push for what I presume will be a GLSA or do you want me to backport the fix to 0.80 as well? I'd rather see users moved to 0.81 for the bug fixes anyway. Let me know what you guys think. Stable on x86. Other arches can you please push this through to stable for a security fix? By "this" I mean net-im/gaim-0.81-r1. lv marked stable on amd64 rizzo thanks for the swift reaction. i'm testing this on ppc Don't know if it's normal but i can't login: account: Connecting to account 0x10186408. gc = 0x1037b1f8 connection: Connecting. gc = 0x1037b1f8 connection: Calling serv_login server: gaim 0.81 logging in dj_sejo@hotmail.com using MSN dns: Successfully sent DNS request to child 26777 dns: Host 'messenger.hotmail.com' resolved proxy: Connecting to messenger.hotmail.com:1863 with no proxy proxy: Connect would have blocked. proxy: Connected. account: Disconnecting account 0x10186408 connection: Disconnecting connection 0x1037b1f8 blist: Destroying connection: Destroying connection 0x1037b1f8 accounts: Writing accounts to disk. just got to logging in, added stable Stable on hppa. Sparc stable. GLSA drafted security please review GLSA 200408-12. alpha ia64 mips remember to mark stable to benifit from GLSA. Stable on alpha. stable on mips |