Accepted ekg 1:1.7~rc2-2 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 26 Mar 2007 18:53:19 +0100
Source: ekg
Binary: ekg libgadu3 libgadu-dev
Architecture: source i386
Version: 1:1.7~rc2-2
Distribution: unstable
Urgency: high
Maintainer: Marcin Owsiany <porridge@debian.org>
Changed-By: Marcin Owsiany <porridge@debian.org>
Description:
ekg - console Gadu Gadu client for UNIX systems
libgadu-dev - Gadu-Gadu protocol library - development files
libgadu3 - Gadu-Gadu protocol library - runtime files
Changes:
 ekg (1:1.7~rc2-2) unstable; urgency=high
 .
   * Security upload, for sid and etch
   * Patched three medium severity security issues in src/events.c:
     - CVE-2007-1663 A memory leak in handling image messages, which may cause
       memory exhaustion resulting in a DoS (ekg program crash). Exploitable by
       a hostile GG user.
     - CVE-2007-1664 off-by-one in token OCR function, which may cause a null
       pointer dereference resulting in a DoS (ekg program crash). Exploitable
       by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG
       server.
     - CVE-2007-1665 potential memory exhaust in token OCR function, which may
       cause memory exhaustion resulting in a DoS (ekg program crash).
       Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a
       hostile GG server.
Files:
07043038c1160ce479ca0b1d317af7e3 740 net optional ekg_1.7~rc2-2.dsc
9eddf39967bd12f1c6b1cf7d43da1d68 36847 net optional ekg_1.7~rc2-2.diff.gz
552beb74321233fea92d58f912c9e48a 285478 net optional ekg_1.7~rc2-2_i386.deb
4e2e9565e2adec41cb06b02af84d6bcd 131210 libdevel optional libgadu-dev_1.7~rc2-2_i386.deb
781dbcc66a50758ba1c6c57e4d4e8bd4 67192 libs optional libgadu3_1.7~rc2-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGCAxwOg2KoGD0EhYRAnBxAJ9O2FqhIR+uLfRnAIx+iPpHnTVhRACfamWH
+UauoiX6ZYkh/wP4pNKB00I=
=8sM7
-----END PGP SIGNATURE-----
Accepted:
ekg_1.7~rc2-2.diff.gz
to pool/main/e/ekg/ekg_1.7~rc2-2.diff.gz
ekg_1.7~rc2-2.dsc
to pool/main/e/ekg/ekg_1.7~rc2-2.dsc
ekg_1.7~rc2-2_i386.deb
to pool/main/e/ekg/ekg_1.7~rc2-2_i386.deb
libgadu-dev_1.7~rc2-2_i386.deb
to pool/main/e/ekg/libgadu-dev_1.7~rc2-2_i386.deb
libgadu3_1.7~rc2-2_i386.deb
to pool/main/e/ekg/libgadu3_1.7~rc2-2_i386.deb