A vulnerability has been reported in syslog-ng, which can be exploited by malicious people to cause a DoS (Denial of Service). This vulnerability is reported in syslog-ng versions prior to 2.0.6 and syslog-ng Premium Edition versions prior to 2.1.8. Solution: Update to syslog-ng 2.0.6 Reproducible: Always
maintainers - please advice
should be good to stablize. Adding arches.
arches - please test and mark stable target ebuild: app-admin/syslog-ng-2.0.6 target keywords: x86,ppc,sparc,amd64,alpha,ppc64,hppa
Sparc stable. Note also sparc stable for dev-libs/eventlog-0.2.5 as it is now required for syslog-ng.
Stable for HPPA.
ppc and ppc64 stable
alpha/ia64 stable
amd64 stable, still runs and logs
All supported arches done here, entering [glsa?] state.. Wait, I'd say this is A3 as syslog-ng is a common package and the vulnerability doesn't affect specific configurations only. Also, the Gentoo handbook installs syslog-ng by default. Rerate, otherwise vote.
Rerating A3, request filed.
GLSA 200712-19, thanks everyone.
*** Bug 204142 has been marked as a duplicate of this bug. ***
Does not affect current (2008.0) release. Removing release.