Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 134960 - net-misc/hashcash: potential heap overflow
Summary: net-misc/hashcash: potential heap overflow
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: B1? [glsa] DerCorny
Depends on:
Reported: 2006-05-30 14:09 UTC by Tavis Ormandy (RETIRED)
Modified: 2007-05-31 10:55 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tavis Ormandy (RETIRED) gentoo-dev 2006-05-30 14:09:23 UTC
hashcash < 1.21 is apparently vulnerable to a heap overflow
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-11 14:23:07 UTC
Hi kloeri, can you provide a new ebuild (-1.21) if needed and possible ? Thanks in advance.
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2006-06-13 02:14:28 UTC
kloeri please bump, this one is pretty late ...
Comment 3 Bryan Østergaard (RETIRED) gentoo-dev 2006-06-14 10:03:08 UTC
1.22 in cvs now.
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2006-06-14 10:45:25 UTC
Thx Bryan,

x86 please test and mark stable.
Comment 5 Andrej Kacian (RETIRED) gentoo-dev 2006-06-19 13:32:56 UTC
x86 stable.
Comment 6 Sune Kloppenborg Jeppesen gentoo-dev 2006-06-19 23:46:37 UTC
Rerating, feel free to correct if I'm wrong. I'm not too familiar with hashcash.
Comment 7 Wolf Giesen (RETIRED) gentoo-dev 2006-06-20 00:06:12 UTC
Without further details available, I'd follow you upping the rating.
Comment 8 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-20 01:25:10 UTC
I guess it is a bit like spamassassin or bogofilter.

i've just updated the severity in the draft.
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2006-06-26 12:14:43 UTC
Sent as GLSA 200606-25