| Summary: | net-im/gaim buffer overflow (CAN-2005-126{1|2}) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | major | CC: | rizzo | ||||
| Priority: | High | ||||||
| Version: | unspecified | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Whiteboard: | A1 [glsa] jaervosz | ||||||
| Package list: | Runtime testing required: | --- | |||||
| Attachments: |
|
||||||
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-05-08 00:51:50 UTC
Created attachment 58320 [details, diff]
gaim-long_url.patch
Don please attach an updated ebuild to this bug, do NOT commit anything to CVS. Note that another CVE is coming from an MSN remote DoS bug. That fix is at http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/msn/slp.c?r1=1.12.2.12&r2=1.12.2.13&diff_format=u Gaim postponed a previously scheduled release to include that first CVE fix and I believe this MSN one as well. Release is scheduled for tomorrow evening. Confirmed that new gaim release will be tonight. Thx Rizzo. Once it is public and we have an ebuild just open up this bug and call arches, might be while I sleep. gaim-1.3.0 is released and in portage. Stable x86. Other arches please test and stabilize ASAP. jaervosz: It seems only security team members can make a bug public. It won't let me uncheck the box. Sorry about that, opening. Arches please test and mark stable. stable on amd64 Gaim fixes another security issue (MSN Remote DoS, CAN-2005-1262) in 1.3.0: http://gaim.sourceforge.net/security/index.php?id=17 we came, we tested, we sparc'ed. stable on ppc, of course Yes the MSN exploit is also fixed in gaim-1.3.0. stable on ppc64 Stable on alpha + ia64. GLSA 200505-09 arm, hppa, mips please remember to mark stable to benifit from GLSA. Already stable on hppa |