Bug 49228 (CVE-2004-0006)

Summary: VUL-0: CVE-2004-0006: gaim: missed one buffer overflow
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Thomas Biege <thomas>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: meissner, security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0006: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: patchinfo-box.gaim2

Description Thomas Biege 2004-01-30 22:46:54 UTC
Hi Mads. 
Bad news. We still have one bug in our gaim.
Stefan told us that the util.c:gaim_url_parse is in html.c:parse_url instead.
Comment 1 Thomas Biege 2004-01-30 22:46:54 UTC
Comment 2 Mads Martin Joergensen 2004-01-30 23:22:05 UTC
Shit, that's why I needed you to go over it too, I was hoping 4 eyes would be
better than 2.

Anyway. Full loop again, with packages, patchinfo etc.?
Comment 3 Thomas Biege 2004-01-30 23:24:19 UTC
Unfortunately yes. 
I will attach the files ASAP. 
Comment 4 Thomas Biege 2004-01-30 23:30:05 UTC
Created attachment 15818
Comment 5 Thomas Biege 2004-01-30 23:31:12 UTC
Created attachment 15819
Comment 6 Mads Martin Joergensen 2004-02-02 20:39:47 UTC
Ok, submitted to 80 -> 90, and both patchinfos added.
Comment 7 Thomas Biege 2004-02-02 21:07:15 UTC
Comment 8 Thomas Biege 2004-02-03 20:57:03 UTC
packages approved 
Comment 9 Marcus Meissner 2008-01-20 22:16:59 UTC
I think part of CVE-2004-0006
Comment 10 Thomas Biege 2009-10-13 20:06:07 UTC
CVE-2004-0006: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)