Bug 234715 (CVE-2008-3688) - net-proxy/havp < 0.89 sockethandler.cpp Infinite loop DoS (CVE-2008-3688)
Summary: net-proxy/havp < 0.89 sockethandler.cpp Infinite loop DoS (CVE-2008-3688)
Alias: CVE-2008-3688
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa] Falco
Reported: 2008-08-14 09:16 UTC by Per Pomsel
Modified: 2008-09-21 17:35 UTC
Description Per Pomsel 2008-08-14 09:16:43 UTC
Version 0.89 of HAVP is out.

Reproducible: Always
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-08-14 14:56:02 UTC
HAVP 0.89 released
- Fix possible retry loop and hang (thanks to Peter Warasin @
- Always send Via: header, fixes some IIS problems (e.g. MSNBC)

I took the liberty of bumping it since there is no significative change.

And it seems it has a security impact. So, reassigning to security.

Original advisory is here:
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-08-14 14:58:48 UTC
Hi AMD64 team and X86 team, please could you test & stabilize net-proxy/havp-0.89, thanks.
Comment 3 Markus Meier gentoo-dev 2008-08-15 18:17:40 UTC
amd64/x86 stable, all arches done.
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-08-17 22:35:27 UTC
Thanks. Time to vote.

I would vote glsa because that kind of DoS is really easy to trigger. But half-yes because of the weak distribution of that software.
Comment 5 Matt Drew (RETIRED) gentoo-dev 2008-09-08 17:07:41 UTC
I'll vote yes, because it's a security-specific application - the people that ARE using it need to know.
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-18 21:30:21 UTC
yes too, request filed.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-21 17:35:29 UTC
GLSA 200809-11