blob: 204adbf1819a06a320497386e6399346a380485f [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200807-15">
<title>Pan: User-assisted execution of arbitrary code</title>
A buffer overflow vulnerability in Pan may allow remote attacker to execute
arbitrary code.
<product type="ebuild">pan</product>
<announced>July 31, 2008</announced>
<revised>July 31, 2008: 01</revised>
<package name="net-nntp/pan" auto="yes" arch="*">
<unaffected range="ge">0.132-r3</unaffected>
<unaffected range="rge"></unaffected>
<unaffected range="eq">0.14.2</unaffected>
<vulnerable range="lt">0.132-r3</vulnerable>
Pan is a newsreader for the GNOME desktop.
Pavel Polischouk reported a boundary error in the PartsBatch class when
processing .nzb files.
<impact type="normal">
A remote attacker could entice a user to open a specially crafted .nzb
file, possibly resulting in the remote execution of arbitrary code with
the privileges of the user running the application.
There is no known workaround at this time.
All Pan users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-nntp/pan-0.132-r3&quot;</code>
<uri link="">CVE-2008-2363</uri>
<metadata tag="requester" timestamp="Tue, 01 Jul 2008 08:32:55 +0000">
<metadata tag="bugReady" timestamp="Fri, 04 Jul 2008 13:13:53 +0000">
<metadata tag="submitter" timestamp="Tue, 22 Jul 2008 11:35:24 +0000">