Summary: | net-im/jabberd DoS vulnerability in 1.4.3 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Justin <justin-gentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | humpback |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B3 [glsa] vorlon | ||
Package list: | Runtime testing required: | --- |
Description
Justin
2004-09-20 04:46:55 UTC
Gustavo: please apply fix and bump ebuild :) Fixed.. Thanks for the info Reopening for GLSA decision. I would say a GLSA is needed. Remote DoS on public Internet service is bad. Well that is work for the sec team. The bug is fixed and the new package marked stable on the stable arches (altough this bug probably is a bit more obscure because the exploit would not work on my server that is x86 ) Gustavo, maybe the new revision should depend on dev-libs/expat, since it does not ship it anymore after the patch according to http://jabberstudio.org/pipermail/jabberd/2004-September/002010.html Back to ebuild status until dependency question gets resolved. I did not add here but i added the expat dep, i did not notice it because my system already had expat. Should be ready for GLSA now, only minor changes to the ebuild. Thx, Gustavo. Thx humpback. GLSA 200409-31 |