CVE-2008-1996 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1996): licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.
net-im, please provide an updated ebuild
hmpf... any news here? upstream ticket can be found here: http://www.licq.org/ticket/1623
Saving the patch from the ticket to net-im/licq/files/1.3.5-connectionlimit.patch and adding: epatch ${FILESDIR}/1.3.5-connectionlimit.patch to the ebuild of 1.3.5 will work.
+*licq-1.3.5-r1 (04 Jul 2008) + + 04 Jul 2008; Santiago M. Mola <coldwind@gentoo.org> + +files/licq-1.3.5-gcc43.patch, +files/licq-1.3.5-logonfix.patch, + +files/licq-1.3.5-prevent-dos.patch, +licq-1.3.5-r1.ebuild: + Fix security bug #219708, gcc-4.3 and glibc-4.8 fixes (bugs #218814 and + #228373) and ICQ protocol upgrade (bug #230387).
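Review bot: the added ChangeLog text says "glibc-4.8 fixes", which does not match glibc's version numbering (the 2.x series); check the intended version against bug #228373 and correct the entry. The security fix is also identified only as "security bug #219708"; naming CVE-2008-1996 alongside files/licq-1.3.5-prevent-dos.patch would make the entry easier to find when auditing which revision carries the fix.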
Arches, please test and mark stable: =net-im/licq-1.3.5-r1 Target keywords : "alpha amd64 ia64 ppc release sparc x86"
thanks Markus and Santiago
x86 stable
using 1.3.5 since the beginning of this year... and now 1.3.5-r1 is stable on amd64 ;)
ppc stable
amd64 stable
alpha/ia64/sparc stable
time for vote here... AFAICT, it's a client DoS, so voting no.
NO, closing.
*** Bug 233654 has been marked as a duplicate of this bug. ***