<?xml version="1.0" encoding="utf-8"?>
<glsa id="200610-08">
<title>Cscope: Multiple buffer overflows</title>
Cscope is vulnerable to multiple buffer overflows that could lead to the
execution of arbitrary code.
<product type="ebuild">cscope</product>
<announced>October 20, 2006</announced>
<revised>October 20, 2006: 01</revised>
<package name="dev-util/cscope" auto="yes" arch="*">
<unaffected range="ge">15.5.20060927</unaffected>
<vulnerable range="lt">15.5.20060927</vulnerable>
Cscope is a developer's tool for browsing source code.
Unchecked use of strcpy() and *scanf() leads to several buffer
<impact type="normal">
A user could be enticed to open a carefully crafted file which would
allow the attacker to execute arbitrary code with the permissions of
the user running Cscope.
There is no known workaround at this time.
All Cscope users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-util/cscope-15.5.20060927&quot;</code>
<uri link="">CVE-2006-4262</uri>
<metadata tag="submitter" timestamp="Wed, 18 Oct 2006 20:32:19 +0000">
<metadata tag="bugReady" timestamp="Wed, 18 Oct 2006 20:33:33 +0000">