From ${URL} :

Common Vulnerabilities and Exposures assigned an identifier CVE-2014-2668 to the following vulnerability:

Name: CVE-2014-2668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2668
Assigned: 20140328
Reference: EXPLOIT-DB:32519
Reference: http://www.exploit-db.com/exploits/32519
Reference: http://www.securityfocus.com/bid/66474
Reference: SECUNIA:57572
Reference: http://secunia.com/advisories/57572

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Yeah, 1.5.1 is forthcoming.
Ping. Dirkjan, I guess you forgot this. The bump is a trivial rename-only one.
I've added 1.5.1 now, thanks Luis for reminding me.
Stable time?
Yes, please.
Arches, please test and mark stable:
=dev-db/couchdb-1.5.1
Target Keywords : "amd64 ppc x86"
Thank you!
amd64 stable
ppc stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Cleanup done.
CVE-2014-2668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2668): Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
Maintainer(s), Thank you for cleanup! GLSA VOTE: YES
YES too, request filed.
This issue was resolved and addressed in GLSA 201412-16 at http://security.gentoo.org/glsa/glsa-201412-16.xml by GLSA coordinator Sean Amoss (ackle).