CVE reference: CAN-2005-2102 CAN-2005-2103 Description: A vulnerability and a weakness have been reported in Gaim, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. 1) An error in the handling of away messages can be exploited to cause a heap- based buffer overflow by sending a specially crafted away message to a user logged into AIM or ICQ. Successful exploitation allows execution of arbitrary code. 2) An error in the handling of file transfers can be exploited to crash the application by attempting to upload a file with a non-UTF8 filename to a user logged into AIM or ICQ. ---------------------- All versions seem to be vulnerable.
Pulling in net-im herd so that they are ready whenever upstream is.
gaim-1.5.0 slated for release Thurs evening.
*** Bug 102133 has been marked as a duplicate of this bug. ***
1.5.0 is also fixing CAN-2005-2370: Summary:A memory alignment bug in the Gadu-Gadu protocol plugin can result in a buffer overflow Description: There was a memory alignment bug in the library Gaim uses to access the Gadu-Gadu network. This bug can not be exploited on x86 architectures. This bug was recently fixed in the libgadu library, but also needed to be fixed in Gaim because Gaim includes a copy of the libgadu library.
Memory alignment bug was fixed in 1.4.0-r2. I currently don't have a viable gentoo desktop, thanks to some CPU/mobo frying. tester@gentoo.org is going to cover this for me.
added gaim-1.5.0 and marked it stable for x86 & amd64
Arches please test and mark gaim-1.5.0 stable, thanks
Stable on PPC.
stable on ppc64
sparc stable.
alpha stable
stable on mips.
It still misses hppa.
Stable on ia64.
Stable on hppa.
GLSA 200508-06 arm please remember to mark stable to benifit from the GLSA.