https://bugzilla.novell.com/show_bug.cgi?id=789190 https://bugzilla.novell.com/show_bug.cgi?id=789190#c0 Summary: multiple buffer overflows in libotr Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: All OS/Version: openSUSE 12.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0 Versions 3.2.0 and earlier of libotr contain a small heap write overrun and a large heap read overrun http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3461 http://seclists.org/oss-sec/2012/q3/195 http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html devel package and openSUSE:Factory are on a later version. I am currently working on a compatibility package libotr2 with version 3.2.0 / 3.2.1 to fix irc-otr in openSUSE:Factory, ( #789175 ) which is how I found this. https://build.opensuse.org/request/show/140870 MRs following soon. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.