CVE-2008-0671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0671): Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.
Games herd, did you hear anything upstream about this?
CVE-2008-0672 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0672): The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference. CVE-2008-0673 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0673): TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.
I removed that version from portage. We'll pick up normal processing on the next version.
I verified that all three vulnerabilities also affect our stable, so that won't be enough. :-/
package masked.
maskglsa request filed.
added tintin-1.98.0, removed all previous versions, unmasked.
I couldn't reproduce the errors with 1.98.0, so that looks fine.
please close this out.
A GLSA request was filed some time ago and the bug will be closed after it was sent.
This issue was resolved and addressed in GLSA 201111-07 at http://security.gentoo.org/glsa/glsa-201111-07.xml by GLSA coordinator Alex Legler (a3li).