Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 576916 (CVE-2015-8833) - <x11-plugins/pidgin-otr-4.0.2: Use after free when authenticating buddy
Summary: <x11-plugins/pidgin-otr-4.0.2: Use after free when authenticating buddy
Status: RESOLVED FIXED
Alias: CVE-2015-8833
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://blog.fuzzing-project.org/39-H...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on: CVE-2016-2851
Blocks:
  Show dependency tree
 
Reported: 2016-03-09 21:32 UTC by Hanno Böck
Modified: 2017-01-02 14:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-03-09 21:32:08 UTC
pidgin-otr 4.0.2 fixes a heap use after free bug. This is already patched in the 4.0.1-r1 ebuild, but 4.0.2 is also already in the tree, so I'd prefer we stabilize the new release.
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2016-03-09 21:53:53 UTC
Arches please test and mark stable =x11-plugins/pidgin-otr-4.0.2 eith target KEYWORDS:

amd64 ppc ppc64 sparc x86
Comment 2 Agostino Sarubbo gentoo-dev 2016-03-10 16:16:44 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-03-10 16:17:25 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-03-16 12:08:38 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-03-17 11:35:31 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-03-19 11:40:40 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 7 Lars Wendler (Polynomial-C) gentoo-dev 2016-03-20 17:25:53 UTC
commit c7e3269c2bd2d9e206f4d1378d4b0a5fd4007a7f
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sun Mar 20 18:17:07 2016

    x11-plugins/pidgin-otr: Security cleanup (bug #576916).

    Package-Manager: portage-2.2.28
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2017-01-02 14:22:48 UTC
This issue was resolved and addressed in
 GLSA 201701-10 at https://security.gentoo.org/glsa/201701-10
by GLSA coordinator Thomas Deutschmann (whissi).