Reported on Vendor-Sec: There is a buffer overflow in gaim where an attacker can send a very long URL in a message (>8192 bytes). It's a stack-based overflow, looks pretty ugly.
Created attachment 58320: gaim-long_url.patch
Don, please attach an updated ebuild to this bug, do NOT commit anything to CVS.
Note that another CVE is coming from an MSN remote DoS bug. That fix is at http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/msn/slp.c?r1=1.12.2.12&r2=1.12.2.13&diff_format=u Gaim postponed a previously scheduled release to include that first CVE fix and I believe this MSN one as well. Release is scheduled for tomorrow evening.
Confirmed that new gaim release will be tonight.
Thx Rizzo. Once it is public and we have an ebuild just open up this bug and call arches, might be while I sleep.
gaim-1.3.0 is released and in portage. Stable x86. Other arches please test and stabilize ASAP. jaervosz: It seems only security team members can make a bug public. It won't let me uncheck the box.
Sorry about that, opening. Arches please test and mark stable.
stable on amd64
Gaim fixes another security issue (MSN Remote DoS, CAN-2005-1262) in 1.3.0: http://gaim.sourceforge.net/security/index.php?id=17
we came, we tested, we sparc'ed.
stable on ppc, of course
Yes, the MSN exploit is also fixed in gaim-1.3.0.
stable on ppc64
Stable on alpha + ia64.
GLSA 200505-09. arm, hppa, mips please remember to mark stable to benefit from GLSA.
Already stable on hppa