Bug 535413 - [Security] CVE-2008-2363 Buffer overflow in pan when parsing *.nzb files
Status: RESOLVED FIXED
Product: Pan
Classification: Other
Component: general
Version: pre-1.0 betas
Hardware: Other Linux
Importance: Urgent blocker
Target Milestone: 0.133
Assigned To: Charles Kerr
QA Contact: Pan QA Team
Duplicates: 501914 555717 576474
Reported: 2008-05-29 07:14 UTC by Duncan
Modified: 2009-03-24 06:26 UTC

Description Duncan 2008-05-29 07:14:55 UTC
This is a possible security issue which has already been published to the public pan developer list, filed on Red Hat Bugzilla, and assigned a CVE number, so it's public.

CVE-2008-2363 but as of now all that gives me is "reserved".
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363

From Pavel's post to the pan devel list:
<quote>I discovered a heap overflow in pan 0.132, part of the code reading .nzb 
files (either from tasks.nzb or elsewhere). Usually it results in 
assertion failure, but in certain cases might lead to segmentation 
fault, arbitrary code execution shouldn't be ruled out either.</quote>

There is a patch available.  See the Red Hat Bug entry, here:
https://bugzilla.redhat.com/show_bug.cgi?id=446902

The post to pan's dev list, courtesy gmane, here:
http://permalink.gmane.org/gmane.comp.gnome.apps.pan.devel/1077

Comment 1 Duncan 2008-05-29 07:32:31 UTC
Gentoo bug here: http://bugs.gentoo.org/show_bug.cgi?id=224051

Comment 2 Charles Kerr 2008-07-04 15:12:06 UTC
Thanks very much to Pavel Polischouk for the patch in the RH bugzilla link.

Fixed in r340.

Comment 3 Charles Kerr 2008-07-04 16:11:48 UTC
*** Bug 501914 has been marked as a duplicate of this bug. ***

Comment 4 Christophe Lambin 2008-10-09 19:25:54 UTC
*** Bug 555717 has been marked as a duplicate of this bug. ***

Comment 5 Christophe Lambin 2009-03-24 06:26:03 UTC
*** Bug 576474 has been marked as a duplicate of this bug. ***