Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
Summary: CVE-2005-2295 - netpanzer server remote DOS Product: Fedora Extras Version: fc5 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2295 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: netpanzer AssignedTo: hugo@devin.com.br ReportedBy: tibbs@math.uh.edu QAContact: extras-qa@fedoraproject.org CC: extras-qa@fedoraproject.org,fedora-security- list@redhat.com
(from the CVE): NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size.
It seems this has been fixed in upstream SVN, but no release has been made and unfortunately upstream webSVN seems not to be responding for me.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2005-2295 - netpanzer server remote DOS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
------- Additional Comments From j.w.r.degoede@hhs.nl 2006-05-24 13:29 EST ------- Erm, Tibs isn't this a duplicate of 192983, I understand you want to have a bug with the CVE in the summary now that there is a CVE, but you could have just changed the summary of 192983. I'm inclined to close this as a dup of 192983, but Ill leave that up to you or Hugo.
Hugo let me know if you need any assistence with this one.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2005-2295 - netpanzer server remote DOS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
kaboom@oobleck.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |kaboom@oobleck.net
------- Additional Comments From kaboom@oobleck.net 2006-05-24 13:31 EST ------- They're two different bugs
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2005-2295 - netpanzer server remote DOS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
------- Additional Comments From tibbs@math.uh.edu 2006-05-24 13:50 EST ------- Yes, this is an older issue that I noticed when searching the CVE database for netpanzer isues. It has a fix in SVN although I wasn't able to extract it; the other bug has no fix that I know of.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2005-2295 - netpanzer server remote DOS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
------- Additional Comments From hugo@devin.com.br 2006-05-24 17:37 EST ------- I'm currently looking this as I'm getting the updated source code from the svn repository. A patch and a new release will follow shortly.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2005-2295 - netpanzer server remote DOS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
hugo@devin.com.br changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |0.8-4
------- Additional Comments From hugo@devin.com.br 2006-06-09 11:44 EST ------- Found a patch to this issue in Gentoo build tree under:
games-strategy/netpanzer/files/netpanzer-0.8-min-size-check.patch
Fixed! Thanks.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2005-2295 - netpanzer server remote DOS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
hugo@devin.com.br changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |0.8-4
------- Additional Comments From hugo@devin.com.br 2006-06-14 09:18 EST ------- Package fixed. Closing. Thanks!
security@lists.fedoraproject.org
-
Red Hat Bugzilla