Bug 227791 - CVE-2007-160: centericq buffer overflow
Summary: CVE-2007-160: centericq buffer overflow
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: centericq
Version: rawhide
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Andreas Bierfert
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-08 05:19 UTC by Kevin Fenzi
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-10 07:20:24 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Kevin Fenzi 2007-02-08 05:19:15 UTC 
Description of problem:

centericq is vulnerable to a buffer overflow in it's livejournal support. 

See: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0160

All fedora extras versions seem to be vulnerable. 

More info, and a patch that debian is using is at: 
http://mailman.linuxpl.org/pipermail/cicq/2007-January/004866.html
Comment 1 Andy Shevchenko 2007-02-08 06:33:10 UTC 
The patches are not allowed. Received error like following: "Can not connect 
to host www2.speedblue.org".

I think the patches would be attached here directly.

P.S. Just my 2 cents.
Comment 2 Andreas Bierfert 2007-02-08 09:40:05 UTC 
Will look into the issue and try the debian patches asap.
Comment 3 Kevin Fenzi 2007-02-08 16:13:39 UTC 
In reply to comment #1: 

yeah, those links look dead. ;( 
Hopefully the patches can be fetched via the debian package?
Comment 4 Andreas Bierfert 2007-02-08 16:21:41 UTC 
Thats not a problem... I am just waiting to get home to grep them and make a
test build +)
Comment 5 Andreas Bierfert 2007-02-10 07:20:24 UTC 
Builds for fc{5,6} and devel have been queued. Thanks for reporting.
Note You need to log in before you can comment on or make changes to this bug.