Package: gnunet Severity: serious Tags: security patch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2006-2413: "GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors." According to https://gnunet.org/svn/GNUnet/ChangeLog, this issue was fixed after the release of GNUnet 0.7.0d. I have set this to serious because the default answer to the debconf prompt is to start GNUnet at boot. A patch may be obtained from svn: svn diff -r2780:2781 https://gnunet.org/svn/GNUnet Please mention the CVE in your changelog. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEbrjrAud/2YgchcQRAjOQAKCIMb7e/Bcsh7T1Hw3mDzpIdR3WpACgs/wB t7wS26oYSh8z9sZe+SjXpEw= =Q+eW -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
