Bug 54452 - <=net-p2p/gift-fasttrack-0.8.6 remotely crashable
Summary: <=net-p2p/gift-fasttrack-0.8.6 remotely crashable
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2004-06-19 14:00 UTC by Jon Hood (RETIRED)
Modified: 2011-10-30 22:40 UTC

gift-fasttrack GLSA (gift-fasttrack-glsa,2.00 KB, text/plain)
2004-06-20 10:49 UTC, Jon Hood (RETIRED)
gift-fasttrack GLSA (gift-fasttrack-glsa,2.00 KB, text/plain)
2004-06-20 10:51 UTC, Jon Hood (RETIRED)

Description Jon Hood (RETIRED) gentoo-dev 2004-06-19 14:00:47 UTC
Please mark gift-fasttrack-0.8.7 stable on all architectures. A vulnerability exists that allows the giFT daemon to be remotely crashable. It is not deemed a severe vulnerability, only crashing giFTd. The fix is to upgrade to gift-fasttrack-0.8.7.
Comment 1 Jon Hood (RETIRED) gentoo-dev 2004-06-19 14:03:28 UTC
Forgot to mention: this is just a null pointer vulnerability. I'm not sure if it was severe enough to report, but I thought I better be safe ;)
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-06-20 01:52:22 UTC
I see no reason to have ppc and sparc mark stable on this one, since afaik they never had this package stable anyway. amd64 marked stable, so I think it's ready.

I would vote for no GLSA on this one.
Comment 3 Jon Hood (RETIRED) gentoo-dev 2004-06-20 10:49:01 UTC
Created attachment 33649 [details]
gift-fasttrack GLSA

Ah, you are correct; sorry to bother you, ppc and sparc teams. I know I'm not
the one who is normally in charge of GLSAs, but while they were working on the
fix, I went ahead and drafted one. It is attached for reference should you
choose to send one out. Otherwise, the vulnerable versions of this package have
been removed from portage and this bug can be closed.
Comment 4 Jon Hood (RETIRED) gentoo-dev 2004-06-20 10:51:38 UTC
Created attachment 33650 [details]
gift-fasttrack GLSA
Comment 5 Jason Wever (RETIRED) gentoo-dev 2004-06-23 20:44:06 UTC
Stable on sparc.
Comment 6 Kurt Lieber (RETIRED) gentoo-dev 2004-06-24 09:32:30 UTC
Since remote users can crash the daemon (i.e. it is not directly controllable by the user), I'd say this deserves a GLSA.
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2004-06-24 13:43:15 UTC
GLSA 200406-19