114070 – <=net-im/kadu-0.4.2 format string vulnerabilities

Bug 114070 - <=net-im/kadu-0.4.2 format string vulnerabilities

Summary: <=net-im/kadu-0.4.2 format string vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3? [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2005-11-30 14:14 UTC by Karol Wojtaszek (RETIRED)
Modified:	2009-01-11 19:06 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Wojtaszek (RETIRED) gentoo-dev

2005-11-30 14:14:22 UTC

Micha&#322; Gizowski has found remote DoS in net-im/kadu. More information:
http://www.security.nnov.ru/Kdocument422.html. I've just added kadu-0.4.3 to
portage, which fixes this bug. We need to push it stable.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-12-01 00:30:09 UTC

If it's true format string, it should allow more than just DoS...

Comment 2 Chris White (RETIRED) gentoo-dev

2005-12-01 03:12:47 UTC

x86 stable, thanks to muchar for helping me test it.

Comment 3 Luis Medinas (RETIRED) gentoo-dev

2005-12-01 12:51:18 UTC

amd64 done

Comment 4 Joe Jezak (RETIRED) gentoo-dev

2005-12-02 01:15:40 UTC

Marked ppc stable.

Comment 5 Marcin Kryczek (RETIRED) gentoo-dev

2005-12-02 01:34:56 UTC

all archs done. closing

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-02 01:37:54 UTC

Reopening for GLSA decision. I tend to vote no.

Comment 7 Thierry Carrez (RETIRED) gentoo-dev

2005-12-03 08:25:42 UTC

That's not format string, hence the DoS-only thing. Voting no and closing
without GLSA, feel free to rteopen if you intended to vote yes.