Bug 99816 - net-im/gnugadu: Denial of Service or remote code execution (CAN-2005-1852)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Whiteboard: B1 [glsa] DerCorny
Reported: 2005-07-21 10:26 UTC by Stefan Cornelius (RETIRED)
Modified: 2005-07-27 01:08 UTC
Description Stefan Cornelius (RETIRED) gentoo-dev 2005-07-21 10:26:26 UTC
Karol Pasternak found two bugs in libgadu.
They can allow an attacker to execute remote code or crash the gg client.

Reproducible: Always
Steps to Reproduce:
1. Apply the patch for libgadu from:
http://cvs.toxygen.net/ekg/lib/libgadu.c.diff?r1=1.147&r2=1.148&f=u
http://cvs.toxygen.net/ekg/lib/events.c.diff?r1=1.95&r2=1.96&f=u
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-21 10:28:06 UTC
Probably doesn't need to be secret, but I don't want to be the one who leaked
it. CC'ed sekretarz because he is the maintainer and working on ebuilds.
Comment 2 Karol Wojtaszek (RETIRED) gentoo-dev 2005-07-21 12:11:39 UTC
Bumped to gnugadu-2.2.6-r1. This ebuild forces gnugadu to use external libgadu.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-21 21:38:41 UTC
Karol, is upstream aware of this, and could you test and mark stable on x86?
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-21 22:27:52 UTC
Opening. x86/sekretarz please test and mark stable. 
Comment 5 Karol Wojtaszek (RETIRED) gentoo-dev 2005-07-22 01:35:00 UTC
Marked stable on x86
Comment 6 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-22 01:39:53 UTC
Thanks for bumping and marking stable, ready for GLSA.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-27 01:08:18 UTC
GLSA 200507-26