Request 143614 (accepted)

- update to upstream 3.2.1 [bnc#789190, CVE-2012-3461]
  * More carefully check for crazy short OTR auth messages
  * fix a one-byte heap buffer overflow

Submit package openSUSE:Evergreen:11.2:Test / libotr (revision 2) to package openSUSE:Evergreen:11.2 / libotr

Changed libotr.changes
Changed libotr.spec
Changed libotr-3.2.1.tar.gz/ChangeLog
Changed libotr-3.2.1.tar.gz/Makefile.in
Changed libotr-3.2.1.tar.gz/aclocal.m4
Changed libotr-3.2.1.tar.gz/config.guess
Changed libotr-3.2.1.tar.gz/config.h.in
Changed libotr-3.2.1.tar.gz/config.sub
Changed libotr-3.2.1.tar.gz/configure
Changed libotr-3.2.1.tar.gz/configure.ac
Changed libotr-3.2.1.tar.gz/depcomp
Changed libotr-3.2.1.tar.gz/install-sh
Changed libotr-3.2.1.tar.gz/ltmain.sh
Changed libotr-3.2.1.tar.gz/missing
Changed libotr-3.2.1.tar.gz/src/Makefile.in
Changed libotr-3.2.1.tar.gz/src/auth.c
Changed libotr-3.2.1.tar.gz/src/b64.c
Changed libotr-3.2.1.tar.gz/src/b64.h
Changed libotr-3.2.1.tar.gz/src/proto.c
Changed libotr-3.2.1.tar.gz/src/version.h
Changed libotr-3.2.1.tar.gz/toolkit/Makefile.in
Changed libotr-3.2.1.tar.gz/toolkit/parse.c
Deleted ready

Mentioned Issues (2)

CVE-2012-3461
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a
boo#789190 Virtual SUSE Security Team _security_team Closed
VUL-0: libotr: multiple buffer overflows in libotr

Request History

Stefan Lijewski lijews created request almost 4 years ago
Stefan Lijewski lijews Request got accepted over 3 years ago