Bug 293643 (CVE-2009-3857) - <=app-editors/scite-1.72 DOS (CVE-2009-3857)
Status: RESOLVED INVALID
Alias: CVE-2009-3857
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://www.milw0rm.com/exploits/9133
Whiteboard: B4 [stable]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-18 19:20 UTC by Stefan Behte (RETIRED)
Modified: 2009-11-18 19:59 UTC

See Also:
Package list:
Runtime testing required: ---


Description Stefan Behte (RETIRED) gentoo-dev Security 2009-11-18 19:20:59 UTC
CVE-2009-3857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3857):
  Buffer overflow in Softonic International SciTE 1.72 allows
  user-assisted remote attackers to cause a denial of service
  (application crash) via a Ruby (.rb) file containing a long string,
  which triggers the crash when a scroll bar is used.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-18 19:22:43 UTC
This couldn't be reproduced and it's just an application crash, so there is no hurry.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-18 19:23:45 UTC
Arches, please test and mark stable:
=app-editors/scite-1.79
Target keywords : "amd64 ppc sparc x86"
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-18 19:41:53 UTC
Sorry for the noise. :/
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-18 19:59:48 UTC
This was not replicatable for the security team, application crashes seem to be quite common with scite (http://sourceforge.net/search/?group_artifact_id=102439&type_of_search=artifact&group_id=2439&words=crash) and we therefore don't regard it as a security vulnerability that needs our attention.