Launchpad has imported 13 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=372021.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2007-11-09T01:51:23+00:00 Nathan wrote: Description of problem: pidgin crashes on login to a silc account. I tried setting it up fresh, and from old setup. Both caused the crash. Version-Release number of selected component (if applicable): pidgin-2.2.2-1.fc8.x86_64 How reproducible: Everytime Steps to Reproduce: 1. Install pidgin 2. Run pidgin 3. Setup silc account Actual results: Crash Expected results: Runs normally Additional info: If run from a terminal window it mentions a buffer overflow. Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/0 ------------------------------------------------------------------------ On 2007-11-26T21:40:18+00:00 luca wrote: I can confirm this odd behavior that happens just with silc accounts. A workaround for this problem is to downgrade to libsilc-1.0.2-2.fc6, the one installed by default under fedora 7. This suggest to me that the problem could be in libsilc itself but I didn't investigate deeper. Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-toolkit/+bug/202752/comments/1 ------------------------------------------------------------------------ On 2008-01-04T03:04:16+00:00 Stu wrote: I think we'll need a backtrace with both pidgin-debuginfo and libsilc-debuginfo installed to be able to get anywhere with this. Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/2 ------------------------------------------------------------------------ On 2008-01-06T15:07:58+00:00 luca wrote: Created attachment 290915 Backtrace with debuginfo Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/3 ------------------------------------------------------------------------ On 2008-01-06T18:13:35+00:00 Stu wrote: This appears to be a libsilc problem, could you please try this libsilc package to see if the crash is fixed, and if you are now able to log in to silc? http://koji.fedoraproject.org/scratch/nosnilmot/task_328484/ Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/4 ------------------------------------------------------------------------ On 2008-01-06T21:56:19+00:00 luca wrote: This seems to solve the problem for me. Now I can log in to silc without crashing pidgin anymore. Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/5 ------------------------------------------------------------------------ On 2008-01-26T15:42:54+00:00 Fedora wrote: libsilc-1.0.2-5.fc7 has been submitted as an update for Fedora 7 Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/6 ------------------------------------------------------------------------ On 2008-01-26T15:42:57+00:00 Fedora wrote: libsilc-1.0.2-5.fc8 has been submitted as an update for Fedora 8 Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/7 ------------------------------------------------------------------------ On 2008-01-27T07:14:10+00:00 Fedora wrote: libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libsilc'. You can provide feedback for this update here: http://admin.fedoraproject.org/F8/FEDORA-2008-1041 Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/8 ------------------------------------------------------------------------ On 2008-02-28T21:35:52+00:00 Fedora wrote: libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/9 ------------------------------------------------------------------------ On 2008-02-28T21:46:11+00:00 Fedora wrote: libsilc-1.0.2-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/10 ------------------------------------------------------------------------ On 2008-03-11T21:01:54+00:00 Lubomir wrote: I'm not convinced the contents of the buffer are in attacker's control; did anyone conduct some investigation? Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/11 ------------------------------------------------------------------------ On 2008-03-20T16:41:16+00:00 Stu wrote: (In reply to comment #11) > I'm not convinced the contents of the buffer are in attacker's control; did > anyone conduct some investigation? I asked this of upstream and the reply was: > I'm not sure but I think this wasn't so serious. I never got it crash myself. Reply at: https://bugs.launchpad.net/ubuntu/+source/silc- toolkit/+bug/202752/comments/16 ** Changed in: silc-toolkit (Fedora) Importance: Unknown => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/202752 Title: [CVE-2008-1227] Stack-based buffer overflow causes DoS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/silc-toolkit/+bug/202752/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs