| Summary: | net-im/silc-server: 1.0 version bump + stability patch | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Frank Benkstein <benkstein> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | swegener |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Frank Benkstein
2005-06-02 00:38:41 UTC
Created attachment 60446
a3925dd7f53f2665de9c4919c35b89c613dfc1f9 silc-server-1.0-r1.ebuild.tar.bz2
Cc-ing swegener (last bumper) for input. Frank: is this vulnerability public? If yes, can we un-restrict this bug? If no, is there a planned release? when should we patch it (once the patch is out, the issue is kinda public)? Note: this is a ~only package so no GLSA will be generated.

> Frank: is this vulnerability public?

AFAIK no. We (the CCC Dresden) run our own little SILCnet (3 Servers, 1 Router) and discovered this bug when playing around a little.

> If yes, can we un-restrict this bug?

Your choice. I just thought: better this way than the other way round. At least one server in the official SILCnet seems affected, too.

> If no, is there a planned release? when should we patch it (once the patch is
> out, the issue is kinda public)?

I'm no SILC dev and did not even contact the SILC devs about this. One of our members just made a patch and I applied it noticing that it seems to fix the crashing. I don't feel competent enough to report it to the SILC folks because I don't fully understand how/why this bug occurs. If you don't want to report this upstream I can ask the original author (Sven Klemm) to do it, if he hasn't done this yet.

I'll handle upstream warning. Thx for reporting this, we'll keep it restricted until upstream is ready.

No answer from security@silcnet.org. I'll keep this restricted for a few more days and then we'll open the bug. swegener: what's your position on this? Patch?

Yeah, I would go ahead and patch it. The patch is simple and does "The Right Thing" (tm)

Hi, it seems that there was a little communication problem. When I filed the bug the issue was already known to the silc devs, sorry. Regardless, the patch is valid and fixes the issue. I think you are safe to unrestrict this bug.

https://lists.silcnet.org/pipermail/silc-devel/2005-May/thread.html#1657

Best regards
Frank Benkstein.

Public now. Sven: you can go ahead and patch.

In CVS.

Thanks Sven. Package all ~, no glsa.