licq before 1.3.6 allows remote attackers to cause a denial of service
(file-descriptor exhaustion and application crash) via a large number of
net-im, please provide an updated ebuild
any news here?
upstream ticket can be found here: http://www.licq.org/ticket/1623
Saving the patch from the ticket to net-im/licq/files/1.3.5-connectionlimit.patch and adding:
to the ebuild of 1.3.5 will work.
+*licq-1.3.5-r1 (04 Jul 2008)
+ 04 Jul 2008; Santiago M. Mola <email@example.com>
+ +files/licq-1.3.5-gcc43.patch, +files/licq-1.3.5-logonfix.patch,
+ +files/licq-1.3.5-prevent-dos.patch, +licq-1.3.5-r1.ebuild:
+ Fix security bug #219708, gcc-4.3 and glibc-4.8 fixes (bugs #218814 and
+ #228373) and ICQ protocol upgrade (bug #230387).
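Review bot: the description at "Fix security bug #219708" does not say which of the three added patches (gcc43, logonfix, prevent-dos) carries the security fix. Naming the file there, licq-1.3.5-prevent-dos.patch if that is the one, would let anyone checking the stabilization confirm the fix is actually applied. The entry also attaches four bug numbers to a single revision bump, so pairing each of #218814, #228373 and #230387 with its patch or ebuild change would make it easier to verify.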
Arches, please test and mark stable:
Target keywords : "alpha amd64 ia64 ppc release sparc x86"
thanks Markus and Santiago
using 1.3.5 since the beginning of this year... and now 1.3.5-r1 is stable on amd64 ;)
Time for a vote here... AFAICT, it's a client DoS, so voting no.
*** Bug 233654 has been marked as a duplicate of this bug. ***