From $URL : a denial of service flaw was found in the way Ekiga, a Gnome based SIP/H323 teleconferencing application, processed information from certain OPAL connections ([certain] UTF-8 strings were not verified for validity prior showing them). A remote attacker (other party with a not UTF-8 valid name) could use this flaw to cause ekiga executable crash. Upstream bug report: [1] https://bugzilla.gnome.org/show_bug.cgi?id=653009 Relevant upstream patch: [2] http://git.gnome.org/browse/ekiga/commit/?id=7d09807257 References: [3] http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news [4] https://bugzilla.redhat.com/show_bug.cgi?id=883058
I just bumped net-voip/ekiga-4.0.0 which takes care of this bug from upstream.
(In reply to comment #1) > I just bumped net-voip/ekiga-4.0.0 which takes care of this bug from > upstream. Is ok to stabilize?
Upstream is stable and I just bumped ekiga-4.0.0-r1. There is a bug regarding Qt which I still have to check, so I don't think this is, yet, OK for stabilization. I need some more time to test.
(In reply to comment #3) > Upstream is stable and I just bumped ekiga-4.0.0-r1. > There is a bug regarding Qt which I still have to check, so I don't think > this is, yet, OK for stabilization. I need some more time to test. Is the issue still present? Can I assist in testing?
Somehow I lost track of this bug. I'd say go ahead with stabilization, that Qt bug was a non-issue.
Arches, please test and mark stable: =net-voip/ekiga-4.0.0-r1 Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"
amd64 stable
x86 stable
ppc stable
ia64 stable
alpha stable
ppc64 stable
Reverting whiteboard to B3 [stable] - sparc is in security-supported arches list, waiting for stabilization...
sparc stable
Cleanup, please! GLSA vote: no
NO too, keeping open for cleanup.
Maintainer(s), please drop the vulnerable version (3.2.7).
Maintainer timeout, cleanup done, closing noglsa.
