LogoopenSUSE Build Service > Request 143614
Sign Up | Log In

Request 143614 (accepted)

- update to upstream 3.2.1 [bnc#789190, CVE-2012-3461]
  * More carefully check for crazy short OTR auth messages
  * fix a one-byte heap buffer overflow

Submit package openSUSE:Evergreen:11.2:Test / libotr (revision 2) to package openSUSE:Evergreen:11.2 / libotr

[-] [+] Changed libotr.changes
[-] [+] Changed libotr.spec ^
Changed libotr-3.2.1.tar.gz ^
Deleted ready ^

Mentioned Issues (2)

CVE-2012-3461
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a
boo#789190 Virtual SUSE Security Team _security_team Closed
VUL-0: libotr: multiple buffer overflows in libotr

There's nothing to be done right now

Request History

Stefan Lijewski lijews created request over 3 years ago
- update to upstream 3.2.1 [bnc#789190, CVE-2012-3461]
  * More carefully check for crazy short OTR auth messages
  * fix a one-byte heap buffer overflow
Stefan Lijewski lijews Request got accepted over 3 years ago
- update to upstream 3.2.1 [bnc#789190, CVE-2012-3461]
  * More carefully check for crazy short OTR auth messages
  * fix a one-byte heap buffer overflow

Comments for request 143614 (0)