Summary: | media-video/kaffeine: buffer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kde, m.debruijne, media-video |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://securitytracker.com/alerts/2004/Oct/1011936.html | ||
Whiteboard: | B2 [glsablocked] jaervosz | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 70055 | ||
Bug Blocks: |
Description
Matthias Geerdsen (RETIRED)
2004-10-31 13:12:45 UTC
Upstream contacted. Problem is fixed in current Kaffeine CVS. I'll release a new version in some days. For older versions: Simple comment out this code part in http.c /*if (sscanf(this->buf, "Content-Type: %s", mime_type) == 1) { printf ("http: content type = '%s'\n", mime_type); strcpy(this->mime_type, mime_type); } */ Kaffeine don't use the detected mime type. Upstream fixed, please provide a patched ebuild. I've patched these ebuilds: <<< kaffeine-0.4.3b-r1.ebuild <<< kaffeine-0.5_rc1-r1.ebuild amd64: as kaffeine-0.4.2.ebuild was marked stable for amd64, please test and mark stable kaffeine-0.4.3b-r1.ebuild insecure versions removed. stable on amd64. Chris White any news on the similar issue? Please vote for GLSA. It's a B2, not a B4... so there should be a GLSA I propose combining GLSA with bug #70055 GLSA 200411-14 |