A vulnerability has been reported in syslog-ng, which can be exploited by malicious people to cause a DoS (Denial of Service).
This vulnerability is reported in syslog-ng versions prior to 2.0.6 and syslog-ng Premium Edition versions prior to 2.1.8.
Update to syslog-ng 2.0.6
maintainers - please advice
should be good to stablize. Adding arches.
arches - please test and mark stable
target ebuild: app-admin/syslog-ng-2.0.6
target keywords: x86,ppc,sparc,amd64,alpha,ppc64,hppa
Sparc stable. Note also sparc stable for dev-libs/eventlog-0.2.5 as it is now required for syslog-ng.
Stable for HPPA.
ppc and ppc64 stable
amd64 stable, still runs and logs
All supported arches done here, entering [glsa?] state.. Wait, I'd say this is A3 as syslog-ng is a common package and the vulnerability doesn't affect specific configurations only. Also, the Gentoo handbook installs syslog-ng by default. Rerate, otherwise vote.
Rerating A3, request filed.
GLSA 200712-19, thanks everyone.
*** Bug 204142 has been marked as a duplicate of this bug. ***
Does not affect current (2008.0) release. Removing release.