Re: Gaim remote overflows (12x)

On Tue, Jan 27, 2004 at 06:55:15PM +0000, Adam D. Barratt wrote:
> On Tue, 2004-01-27 at 18:40, Daniel van Eeden wrote:
> > <http://security.e-matters.de/advisories/012004.html>
> gaim 0.75-2 was uploaded a couple of hours ago.

Hi, all.

Although the advisory says any version <= 0.75 is vulnerable, you seem
to convey that the version in stable is not vulnerable?  The last
/usr/share/doc/gaim/changelog.Debian.gz entry reads:

| gaim (1:0.58-2.3) stable-security; urgency=medium
|   * Non-maintainer upload by Security Team
|   * Applied patch from Christopher Blizzard <blizzard@redhat.com> to add a
|     missing malloc() before **argv is actually used.  This was introduced
|     in the security patch and tends to crash Gaim.
|  -- Martin Schulze <joey@infodrom.org>  Wed, 28 Aug 2002 15:15:45 +0200

I beg for a clarification.

Jan Minar                   "Please don't CC me, I'm subscribed." x 9
