Re: Bug#319443: kopete: Kopete embeds a local copy of the vulnerable libgadu (CAN-2005-1852)
close 319443 4:3.3.2-5
thanks
* Moritz Muehlenhoff [Fri, 22 Jul 2005 07:44:30 +0200]:
> Package: kopete
> Severity: normal
> Kopete embeds a copy of the gadu library, which is vulnerable to
> remotely exploitable integer overflows. Judging from the original KDE
> advisory the embedded version is only used as a fallback. As there's
> a dependency on Debian's libgadu, which has already been fixed Kopete
> is probably not directly affected. If this should not be the case please
> bump the urgency.
As you say, kopete in Debian dynamically links against libgadu instead
of using its internal copy. This was not true for a while in the recent
past, but the fix uploaded on 2005-05-24 [1] did make into sarge.
[1] http://lists.debian.org/debian-devel-changes/2005/05/msg01450.html
I'm closing the bug, but thanks for reporting.
> Original advisory:
> http://www.kde.org/info/security/advisory-20050721-1.txt
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Never let your sense of morals get in the way of doing what's right.
-- Isaac Asimov
Reply to: