GNOME Bugzilla – Bug 535413
[Security] CVE-2008-2363 Buffer overflow in pan when parsing *.nzb files
Last modified: 2009-03-24 06:26:03 UTC
This is a possible security issue which has already been published to the public pan developer list, filed on Red Hat Bugzilla, and assigned a CVE number, so it's public.
CVE-2008-2363, but as of now all that gives me is "reserved". http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363
From Pavel's post to the pan devel list:
<quote>I discovered a heap overflow in pan 0.132, part of the code reading .nzb files (either from tasks.nzb or elsewhere). Usually it results in assertion failure, but in certain cases might lead to segmentation fault, arbitrary code execution shouldn't be ruled out either.</quote>
There is a patch available. See the Red Hat Bug entry, here: https://bugzilla.redhat.com/show_bug.cgi?id=446902
The post to pan's dev list, courtesy gmane, here: http://permalink.gmane.org/gmane.comp.gnome.apps.pan.devel/1077
Gentoo bug here: http://bugs.gentoo.org/show_bug.cgi?id=224051
Thanks very much to Pavel Polischouk for the patch in the RH bugzilla link. Fixed in r340.
*** Bug 501914 has been marked as a duplicate of this bug. ***
*** Bug 555717 has been marked as a duplicate of this bug. ***
*** Bug 576474 has been marked as a duplicate of this bug. ***