Accepted ekg 1:1.7~rc2-1etch1 (source i386)

From: Marcin Owsiany <porridge(at)debian.org>
Date: Wed Aug 15 2007 - 18:31:46 EDT


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Sun, 6 May 2007 12:47:04 +0100
Source: ekg
Binary: ekg libgadu3 libgadu-dev
Architecture: source i386
Version: 1:1.7~rc2-1etch1
Distribution: stable-security
Urgency: high
Maintainer: Marcin Owsiany <porridge@debian.org>
Changed-By: Marcin Owsiany <porridge@debian.org>
Description:
 ekg - console Gadu Gadu client for UNIX systems
 libgadu-dev - Gadu-Gadu protocol library - development files
 libgadu3 - Gadu-Gadu protocol library - runtime files
Changes:
 ekg (1:1.7~rc2-1etch1) stable-security; urgency=high
 .

  • Security upload for etch (same as 1:1.7~rc2-2, which didn't make it into etch before the release)
  • Patched three medium severity security issues in src/events.c:
    • CVE-2007-1663 A memory leak in handling image messages, which may cause memory exhaustion resulting in a DoS (ekg program crash). Exploitable by a hostile GG user.
    • CVE-2007-1664 off-by-one in token OCR function, which may cause a null pointer dereference resulting in a DoS (ekg program crash). Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG server.
    • CVE-2007-1665 potential memory exhaust in token OCR function, which may cause memory exhaustion resulting in a DoS (ekg program crash). Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG server.
Files:
 f776cbffc3c5757239311f68cbb06863 750 net optional ekg_1.7~rc2-1etch1.dsc
 b4ea482130e163af1456699e2e6983d9 514073 net optional ekg_1.7~rc2.orig.tar.gz
 1ed9055534fa44d865262b14f8b30341 36873 net optional ekg_1.7~rc2-1etch1.diff.gz
 cea1b184efefb7454b6c0b25a3e8d875 282332 net optional ekg_1.7~rc2-1etch1_i386.deb
 ab42291b25f3501983ea1fa3e61e5832 131262 libdevel optional libgadu-dev_1.7~rc2-1etch1_i386.deb
 28242d8c48f5cf14b7cdd1dff1c8f44d 67370 libs optional libgadu3_1.7~rc2-1etch1_i386.deb

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGPcNAOg2KoGD0EhYRAhWUAJ9K7CWpXegOkeBttGNj1KGLGKRrGwCfVB1V E4NYSQmSWkBXcEeOdgoLoDo=
=0iur
-----END PGP SIGNATURE-----

Accepted:
ekg_1.7~rc2-1etch1.diff.gz
  to pool/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz
ekg_1.7~rc2-1etch1.dsc
  to pool/main/e/ekg/ekg_1.7~rc2-1etch1.dsc
ekg_1.7~rc2-1etch1_i386.deb
  to pool/main/e/ekg/ekg_1.7~rc2-1etch1_i386.deb
libgadu-dev_1.7~rc2-1etch1_i386.deb
  to pool/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb
libgadu3_1.7~rc2-1etch1_i386.deb
  to pool/main/e/ekg/libgadu3_1.7~rc2-1etch1_i386.deb

Received on Wed Aug 15 18:43:03 2007

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:58:27 EDT

