Summary: | net-im/ekiga < 2.0.5 Format String Vulnerability CVE-2007-1006 | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Executioner <keith> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | voip+disabled |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://secunia.com/advisories/24194/ | | |
Whiteboard: | B2 [glsa] Executioner | | |
Package list: | | Runtime testing required: | --- |
Description
Executioner
2007-02-19 17:19:31 UTC
heh, this baby is already in the tree.

arches, please test and stable version 2.0.5, thx

ps: i know some of you are visiting fosdem now - enjoy and have fun!

net-im/ekiga-2.0.5 USE="dbus doc gnome sdl -avahi -debug"
1. emerges on x86
2. passes collision test
3. works

Portage 2.1.2-r9 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.19.3 i686)
=================================================================
System uname: 2.6.19.3 i686 AMD Athlon(TM) XP1800+
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 24 Feb 2007 11:00:01 +0000
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python: 2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.4-r6
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="3dnow 3dnowext X a52 aac alsa apache2 berkdb bitmap-fonts bzip2 cairo cdr cli cracklib crypt cups dbus divx4linux dri dts dvd dvdr dvdread eds emboss exif fam ffmpeg firefox fortran gdbm gif gnome gphoto2 gpm gstreamer gtk hal iconv ipv6 isdnlog java jpeg kde ldap libg++ mad midi mikmod mmx mmxext mono mp3 mpeg ncurses network nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl seamonkey session spell spl ssl svg tcpd test tetex tiff truetype truetype-fonts type1-fonts unicode usb vcd vorbis win32codecs x86 xine xinerama xml xorg xprint xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LINGUAS="en de en_GB" USERLAND="GNU" VIDEO_CARDS="nv none"
Unset: CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS

(In reply to comment #3)
> net-im/ekiga-2.0.5 USE="dbus doc gnome sdl -avahi -debug"
> 1. emerges on x86
> 2. passes collision test
> 3. works

sorry I forgot to mention that this version needs the following two deps stable:
dev-libs/pwlib-1.10.4
net-libs/opal-2.2.5
both emerge w/o problems on x86 and pass collision test.

dev-libs/pwlib-1.10.4 net-libs/opal-2.2.5 net-im/ekiga-2.0.5 x86 stable, thanks Markus

ppc64 stable

SPARC stable

*** Bug 168771 has been marked as a duplicate of this bug. ***

stable on hppa. Sorry for the delay.

marked stable by beandog on amd64

ppc stable

we can't wait any longer here. either get it stable, or it will fly out without you.

kloeri wanted to take care of it for alpha tomorrow

http://bugzilla.gnome.org/show_bug.cgi?id=415526
back to ebuild status :(

Finally stabled Alpha + IA64. I'm not removing us from the bug because of comment #14.

Nice. But as said in comment #14, the fix doesn't fix the weakness. VoIP team, please advise

voip team please advise or comment

OK. I so don't want to ship something that might be vulnerable for the 2007.0 release. Anybody got any comments here?

dev-libs/pwlib-1.10.5, net-libs/opal-2.2.6 and net-im/ekiga-2.0.7 are in. They should all go stable at the same time

and sparc stable btw.

x86 got the call

ppc64 stable

alpha/amd64/ia64/ppc done

Stable for HPPA (killerfox)

Thanks everybody

GLSA 200703-25, thanks!

I hope this is the good one