Bug 217234 - net-im/openfire <3.5.0 Denial of Service (CVE-2008-1728)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2008-04-10 23:23 UTC by Robert Buchholz (RETIRED)
Modified: 2008-04-23 16:38 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2008-04-10 23:23:54 UTC

A vulnerability has been reported in Openfire, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error and can be
exploited to cause a DoS.

The vulnerability is reported in version 3.4.5. Other versions may
also be affected.

Update to version 3.5.0.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-04-10 23:24:26 UTC
3.5.0 is already in the tree, good to go stable?
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-12 16:56:27 UTC
Vulnerability: It cannot handle clients that fail to read 
messages, and has no limit on their session's send buffer.
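
The failure mode named in this comment, as an added example that is not from the bug report or from Openfire's code base: a constructed Python model of a per-session send buffer, run once unbounded and once with a byte cap that drops the session when a non-reading client's backlog would exceed it. The `Session` class, the `simulate` helper and the 64 KiB cap are assumptions made for illustration.

```python
from collections import deque


class Session:
    """Outbound side of one client session (constructed model, not Openfire code)."""

    def __init__(self, write, max_pending=None):
        self._write = write          # callable(bytes) -> bytes the socket accepted
        self._max = max_pending      # None reproduces the unbounded behaviour
        self._queue = deque()
        self.pending = 0             # bytes queued but not yet accepted
        self.closed = False

    def send(self, stanza):
        """Queue a stanza; drop the session instead of buffering past the cap."""
        if self.closed:
            return False
        self.flush()                 # let a slow but live client catch up first
        if self._max is not None and self.pending + len(stanza) > self._max:
            self.close()
            return False
        self._queue.append(stanza)
        self.pending += len(stanza)
        self.flush()
        return True

    def flush(self):
        """Write as much as the socket takes, keeping any unsent remainder."""
        while self._queue:
            head = self._queue[0]
            sent = self._write(head)
            self.pending -= sent
            if sent < len(head):
                self._queue[0] = head[sent:]
                return
            self._queue.popleft()

    def close(self):
        """Release the buffer so a stalled peer stops costing memory."""
        self.closed = True
        self._queue.clear()
        self.pending = 0


def simulate(client_reads, max_pending, stanzas=1000, size=512):
    """Send constructed stanzas; return (accepted, peak pending bytes, closed)."""
    write = (lambda data: len(data)) if client_reads else (lambda data: 0)
    session = Session(write, max_pending)
    accepted = peak = 0
    for _ in range(stanzas):
        accepted += session.send(b"x" * size)
        peak = max(peak, session.pending)
    return accepted, peak, session.closed
```

With a stalled client the unbounded run holds every stanza in memory, while the capped run stops at the limit and frees the buffer on disconnect.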
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-04-14 02:11:33 UTC
net-irc/humpback, is 3.5.0_rc1 good to go stable?
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-04-15 22:57:58 UTC
Arches, please test and mark stable:
Target keywords : "amd64 release x86"
Comment 5 Markus Meier gentoo-dev 2008-04-17 01:01:09 UTC
amd64/x86 stable, last arches.
Comment 6 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-17 10:36:21 UTC
ready for GLSA vote

/me votes yes
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2008-04-17 20:08:44 UTC
Voting YES as well and filing request.
Comment 8 Peter Volkov (RETIRED) gentoo-dev 2008-04-21 08:09:13 UTC
Fixed in release snapshot.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-04-23 16:38:05 UTC
GLSA 200804-26