Gentoo Archives: gentoo-commits

From: "Matthias Geerdsen (vorlon)" <vorlon@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200709-07.xml
Date: Sat, 15 Sep 2007 15:36:27
vorlon      07/09/15 15:29:00

  Added:                glsa-200709-07.xml
  GLSA 200709-07

Revision  Changes    Path
1.1                  xml/htdocs/security/en/glsa/glsa-200709-07.xml

file :

Index: glsa-200709-07.xml
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

<glsa id="200709-07">
  <title>Eggdrop: Buffer overflow</title>
    A remote stack-based buffer overflow has been discovered in Eggdrop.
  <product type="ebuild">eggdrop</product>
  <announced>September 15, 2007</announced>
  <revised>September 15, 2007: 01</revised>
    <package name="net-irc/eggdrop" auto="yes" arch="*">
      <unaffected range="ge">1.6.18-r2</unaffected>
      <vulnerable range="lt">1.6.18-r2</vulnerable>
    Eggdrop is an IRC bot extensible with C or Tcl.
    Bow Sineath discovered a boundary error in the file
    mod/server.mod/servrmsg.c when processing overly long private messages
    sent by an IRC server.
  <impact type="normal">
    A remote attacker could entice an Eggdrop user to connect the bot to a
    malicious server, possibly resulting in the execution of arbitrary code
    on the host running Eggdrop.
    There is no known workaround at this time.
    All Eggdrop users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose &quot;&gt;=net-irc/eggdrop-1.6.18-r2&quot;</code>
    <uri link="">CVE-2007-2807</uri>
  <metadata tag="requester" timestamp="Thu, 23 Aug 2007 09:04:09 +0000">
  <metadata tag="bugReady" timestamp="Thu, 23 Aug 2007 09:04:22 +0000">
  <metadata tag="submitter" timestamp="Fri, 07 Sep 2007 09:43:27 +0000">
