An integer overflow vulnerability has been identified in libotr versions 4.1.0. A patch has been released, and a new version, 4.1.1, has been released to address the issue.
CVE-2016-2851 has been assigned to this issue.
4.1.1 already in tree.
@Maintainer; is it ready for stable?
Arches please test and mark stable =net-libs/libotr-4.1.1 with target KEYWORDS:
~alpha amd64 ~arm hppa ~ia64 ppc ppc64 sparc x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x86-macos
Stable for HPPA PPC64.
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Author: Lars Wendler <email@example.com>
Date: Sun Mar 20 18:20:29 2016
net-libs/libotr: Security cleanup (bug #576914).
Signed-off-by: Lars Wendler <firstname.lastname@example.org>
This issue was resolved and addressed in
GLSA 201701-10 at https://security.gentoo.org/glsa/201701-10
by GLSA coordinator Thomas Deutschmann (whissi).