Gaim contains several remote overflows related to the MSN-protocol parsing functions that may allow remote code execution. No further details have been provided.
Unclear if this is fixed in gaim-0.81.
Created attachment 37199
Rats log for assessing the security issues.
Here's a RATS log which might help in addressing the security issue. There
appear to be a lot of high-ranking bugs in it. I'll take a look and see.
I'll ask upstream and report back.
Chris, did you run RATS against the 0.81 package?
Upstream identified potential exploits from SuSE; one had already been fixed, the other is patched in their CVS and is now in net-im/gaim-0.81-r1, just committed to portage.
Thinking about ARCH vs ~ARCH, right now 0.80 is stable on all. I was going to start pushing 0.81 later this week. Should I make that push for what I presume will be a GLSA, or do you want me to backport the fix to 0.80 as well?
I'd rather see users moved to 0.81 for the bug fixes anyway. Let me know what you guys think.
Stable on x86. Other arches, can you please push this through to stable for a security fix?
By "this" I mean net-im/gaim-0.81-r1.
lv marked stable on amd64
rizzo, thanks for the swift reaction.
I'm testing this on ppc
Don't know if it's normal but I can't log in:
account: Connecting to account 0x10186408. gc = 0x1037b1f8
connection: Connecting. gc = 0x1037b1f8
connection: Calling serv_login
server: gaim 0.81 logging in email@example.com using MSN
dns: Successfully sent DNS request to child 26777
dns: Host 'messenger.hotmail.com' resolved
proxy: Connecting to messenger.hotmail.com:1863 with no proxy
proxy: Connect would have blocked.
account: Disconnecting account 0x10186408
connection: Disconnecting connection 0x1037b1f8
connection: Destroying connection 0x1037b1f8
accounts: Writing accounts to disk.
just got to logging in, added stable
Stable on hppa.
GLSA drafted; security, please review.
alpha, ia64, mips: remember to mark stable to benefit from GLSA.
Stable on alpha.
stable on mips