Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 136759 - app-text/wv2 Integer overflow (CVE-2006-2197)
Summary: app-text/wv2 Integer overflow (CVE-2006-2197)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa] DerCorny
Depends on:
Reported: 2006-06-14 03:59 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-09-03 02:44 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-14 03:59:02 UTC
From 0.2.3 ChangeLog:

Fixed an integer overflow bug (CVE-2006-2197)
Comment 1 Wolf Giesen (RETIRED) gentoo-dev 2006-06-14 04:12:32 UTC
Just thinking loud: Abiword seems to depend on wv [not wv2], any info on whether that is affected, too?
Comment 2 Martin Ehmsen (RETIRED) gentoo-dev 2006-06-14 04:33:17 UTC
text-markup absorbs it (seems easy to maintain and useful).
I have version bumped it and added text-markup to metadata.

Arch teams please stabilize this (the only change since 0.2.2 is some tabbing stuff and a Solaris / Sun C++ 5.5 patch, aside from the security fix).
Comment 3 Jon Hood (RETIRED) gentoo-dev 2006-06-14 06:26:16 UTC
stable amd64
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2006-06-14 11:04:13 UTC
ppc stable
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2006-06-14 11:30:07 UTC
sparc sparc!
Comment 6 Thomas Cort (RETIRED) gentoo-dev 2006-06-14 19:11:24 UTC
alpha stable.
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2006-06-15 00:01:46 UTC
stable on ppc64
Comment 8 Martin Ehmsen (RETIRED) gentoo-dev 2006-06-20 02:20:13 UTC
This seems to have slowed down a bit... can we please have som input from x86 and ia64?
Comment 9 Carsten Lohrke (RETIRED) gentoo-dev 2006-06-21 03:59:48 UTC
stable on x86
Comment 10 Chris Gianelloni (RETIRED) gentoo-dev 2006-06-21 07:31:47 UTC
Removing x86... I'd really appreciate it if people outside the x86 team would allow us to actually do our jobs on these bugs.  It's rather frustrating to see that since Halcy0n has left that we now have some people going around and just stabilizing whatever they feel like it because they think we're being too slow.  Unfortunately, the number of active people on the x86 team has dropped since his leaving the project.  Don't go around countermining all of the work that he did for the project by subverting our policies just because he's not around to complain to you.
Comment 11 Stefan Cornelius (RETIRED) gentoo-dev 2006-06-21 08:45:59 UTC
"You have to specify a comment on this change. Please explain your change."
-> baah. ready for glsa.
Comment 12 Carsten Lohrke (RETIRED) gentoo-dev 2006-06-21 09:19:11 UTC
(In reply to comment #10)
> Removing x86... I'd really appreciate it if people outside the x86 team would
> allow us to actually do our jobs on these bugs.

I am listed as member of the x86 team. I do only act, if I notice an ebuild I do maintain or an dependency of it needs to go stable and no one else of the x86 team does, though.
Comment 13 Joshua Jackson (RETIRED) gentoo-dev 2006-06-21 09:50:16 UTC
Herd:             x86
Description:      Gentoo/x86 team
Developers(16):   allanonjl antarus* betelgeuse* chriswhite* compnerd fuzzyray
                  halcy0n* hparker kloeri mkay* nelchael s4t4n* ticho tove
                  tsunam wolf31o2

Hate to tell you carlo but you are not a member of the x86 team and therefore not approved to go stablizing stuff on the herds behalf unless we authorize you to do so. As the only real exceptions that we've allowed are for specific hardware that no member of the team has. We are always looking for dedicated developers who don't just want to join the herd to avoid having to deal with the team. We also mandate a certain amount of bugs done per the guidelines of the team, which is checked on to make sure that we don't need to send out warnings. 
Comment 14 Carsten Lohrke (RETIRED) gentoo-dev 2006-06-21 15:46:01 UTC
(In reply to comment #13)
> Hate to tell you carlo...

Then it had been missed to add me to the list. I joined shortly after the x86 herd has been formed.
Comment 15 Stefan Cornelius (RETIRED) gentoo-dev 2006-06-23 08:19:16 UTC
GLSA 200606-24

Thanks everybody