[Pan-devel] Re: Buffer overflow in pan when parsing .nzb files

[Duncan]

Pavel Polischouk
<address@hidden> posted
address@hidden, excerpted below, on  Wed, 28 May 2008 23:12:22
-0400:

> I discovered a heap overflow in pan 0.132, part of the code reading .nzb
> files (either from tasks.nzb or elsewhere). Usually it results in
> assertion failure, but in certain cases might lead to segmentation
> fault, arbitrary code execution shouldn't be ruled out either.

> The bug is tracked in RedHat bugzilla for Fedora 9:
> https://bugzilla.redhat.com/show_bug.cgi?id=446902 There are some stack
> traces from failed assertion and segmentation faults caused by this bug,
> as well as some trigger .nzb files attached to that bugzilla entry.
> 
> The proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=306880
> 
> Signed-off by: Pavel Polischouk
> <address@hidden>

Thanks.  It's now filed in gnome/pan's buzilla, and since I'm a Gentoo 
user, I've filed a bug there as well.

http://bugzilla.gnome.org/show_bug.cgi?id=535413
http://bugs.gentoo.org/show_bug.cgi?id=224051

To keep the info together, here's the URL for the CVE entry you filed as 
well, altho currently all it says is "reserved".

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman