17733 – gaim-encryption security update

Bug 17733 - gaim-encryption security update

Summary: gaim-encryption security update

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-03-17 21:23 UTC by Brandon Low (RETIRED)
Modified:	2003-05-31 23:12 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brandon Low (RETIRED) gentoo-dev

2003-03-17 21:23:58 UTC

I am about to commit a new ~masked ebuild for gaim-0.59.9-r1 which contains an
important security fix for the gaim-encryption plugin.  I have been contacted by
the creator of the gaim-encryption plugin and he asked me to get it in the
ebuild ASAP but not to make a security announcement for a few days.  Uhh yeah.

Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev

2003-03-30 11:06:17 UTC

Has the gaim-encryption author said anything more in this matter?

Comment 2 Brandon Low (RETIRED) gentoo-dev

2003-04-17 12:52:52 UTC

Hmm... never heard anything about an official security advisory, however, there are now two versions beyond this versino of the plugin (for 0.60 and 0.61 of gaim), and I have just marked 0.59.9-r1 stable, so I think we should issue a GLSA to have users on previous versions of gaim with USE="ssl" upgrade their gaims.

Comment 3 Brandon Low (RETIRED) gentoo-dev

2003-04-17 16:46:26 UTC

confirmed, we can issue a GLSA, see
http://www.securityfocus.com/bid/7182
for more info

Comment 4 Don Seiler (RETIRED) gentoo-dev

2003-05-30 22:03:49 UTC

Can this bug be closed?

Comment 5 Brandon Low (RETIRED) gentoo-dev

2003-05-31 23:12:09 UTC

long gone.