On Tue, Jan 27, 2004 at 06:55:15PM +0000, Adam D. Barratt wrote: > On Tue, 2004-01-27 at 18:40, Daniel van Eeden wrote: > > <http://security.e-matters.de/advisories/012004.html> > > gaim 0.75-2 was uploaded a couple of hours ago. Hi, all. Although the advisory says any version <= 0.75 is vulnerable, you seem to convey that the version in stable is not vulnerable? The last /usr/share/doc/gaim/changelog.Debian.gz entry reads: | gaim (1:0.58-2.3) stable-security; urgency=medium | | * Non-maintainer upload by Security Team | * Applied patch from Christopher Blizzard <blizzard@redhat.com> to add a | missing malloc() before **argv is actually used. This was introduced | in the security patch and tends to crash Gaim. | | -- Martin Schulze <joey@infodrom.org> Wed, 28 Aug 2002 15:15:45 +0200 I beg for a clarification. Jan. -- Jan Minar "Please don't CC me, I'm subscribed." x 9
Attachment:
pgpY7BfQpekWk.pgp
Description: PGP signature