Bug#319443: kopete: Kopete embeds a local copy of the vulnerable libgadu (CAN-2005-1852)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#319443: kopete: Kopete embeds a local copy of the vulnerable libgadu (CAN-2005-1852)
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 22 Jul 2005 07:44:30 +0200
Message-id: <[🔎] E1DvqKk-0008FH-Ny@vserver151.vserver151.serverflex.de>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 319443@bugs.debian.org

Package: kopete
Severity: normal

Kopete embeds a copy of the gadu library, which is vulnerable to
remotely exploitable integer overflows. Judging from the original KDE
advisory the embedded version is only used as a fallback. As there's
a dependency on Debian's libgadu, which has already been fixed Kopete
is probably not directly affected. If this should not be the case please
bump the urgency.

Original advisory:
http://www.kde.org/info/security/advisory-20050721-1.txt

Cheers,
         Moritz
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Reply to:

Follow-Ups:
- Re: Bug#319443: kopete: Kopete embeds a local copy of the vulnerable libgadu (CAN-2005-1852)
  - From: Adeodato Simó <asp16@alu.ua.es>

Prev by Date: Bug#305006: kdelibs4: depends on libaspell15, but it have to be libaspell15c2
Next by Date: Re: Bug#319443: kopete: Kopete embeds a local copy of the vulnerable libgadu (CAN-2005-1852)
Previous by thread: Bug#305006: kdelibs4: depends on libaspell15, but it have to be libaspell15c2
Next by thread: Re: Bug#319443: kopete: Kopete embeds a local copy of the vulnerable libgadu (CAN-2005-1852)
Index(es):
- Date
- Thread