Stack-based buffer overflow in the add_line_buffer function in TinTin++
1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code
via a long chat message, related to conversion from LF to CRLF.
Games herd, did you hear anything upstream about this?
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows
remote attackers to cause a denial of service (application crash) via a YES
message without a newline character, which triggers a NULL dereference.
TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound
file-transfer request, before the user has an opportunity to decline the
request, which allows remote attackers to truncate arbitrary files in the top
level of a home directory.
I removed that version from portage. We'll pick up normal processing on the next version.
I verified that all three vulnerabilities also affect our stable, so that won't be enough. :-/
maskglsa request filed.
added tintin-1.98.0, removed all previous versions, unmasked.
I couldn't reproduce the errors with 1.98.0, so that looks fine.
please close this out.
A GLSA request was filed some time ago and the bug will be closed after it was sent.
This issue was resolved and addressed in
GLSA 201111-07 at http://security.gentoo.org/glsa/glsa-201111-07.xml
by GLSA coordinator Alex Legler (a3li).