Found two bugs in libgadu, They can provide attacker to execute remote code or crash gg client Reproducible: Always Steps to Reproduce: 1. aplly patch for libgady from: http://cvs.toxygen.net/ekg/lib/libgadu.c.diff?r1=1.147&r2=1.148&f=u http://cvs.toxygen.net/ekg/lib/events.c.diff?r1=1.95&r2=1.96&f=u
net-im, please provide an ebuild with the fixes and advise if other packages could be affected by this. Thanks
net-im/kadu is also affected. Working on ebuilds.
net-im/ekg and net-libs/libgadu also affected
net-im/ekg net-im/kadu net-libs/libgadu bumped net-im/ekg2 doesn't need bump, because it uses external gadu-gadu lib.
hppa, ia64, x86: pls test and mark net-im/ekg-1.6_rc3 stable amd64, ppc, x86: pls test and mark net-im/kadu-0.4.1 stable libgadu and ekg2 were never marked stable so we are done with them.
libgadu is new ekg dependency, so it also need to be marked stable.
*** Bug 99690 has been marked as a duplicate of this bug. ***
Stable on hppa
Stable on ppc.
net-im/kadu stable on amd64.
x86 done
ready for glsa.
GLSA 200507-26