From ${URL} :

Description
A vulnerability has been reported in libtirpc, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "svc_dg_getargs()" function (src/svc_dg.c) and can be exploited to crash an application using the library via a specially crafted RPC request.
This is related to: SA8347
The vulnerability is reported in version 0.2.3.

Solution
Fixed in the GIT repository.
Further details available to Secunia VIM customers

Original Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=948378
http://seclists.org/oss-sec/2013/q2/150

@maintainer(s): after the bump, please say explicitly if the package is ready for the stabilization or not
Fix available at http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f
CVE-2013-1950 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1950): The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.
0.2.4-r1 is in the tree
(In reply to SpanKY from comment #3)
> 0.2.4-r1 is in the tree

Good. Can we stable it?
(In reply to Sergey Popov from comment #4)
should be fine
0.2.5 is stable now for everyone
Per previous comment 0.2.5 is stable. Please remove vulnerable 0.1.10 ebuild.
GLSA Vote: No
Cleaned up: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d635f65afc6c69f0a8ebacfc3caf873f4bb28c8