Re: Fixes for gaim/pidgin vulnerabilities?

To: Michael Gilbert <michael.s.gilbert@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: Fixes for gaim/pidgin vulnerabilities?
From: Kees Cook <kees@outflux.net>
Date: Mon, 24 Nov 2008 15:52:18 -0800
Message-id: <20081124235218.GN13739@outflux.net>
In-reply-to: <8e2a98be0811241510h68b4966bke27ed7207d7391aa@mail.gmail.com>
References: <8e2a98be0811241510h68b4966bke27ed7207d7391aa@mail.gmail.com>

On Mon, Nov 24, 2008 at 06:10:14PM -0500, Michael Gilbert wrote:
> Also note that Ubuntu seems to have missed CVE-2008-2956 [2], which
> also applies to gaim/pidgin.  The problem has not yet been fixed in
> any of the Debian archives, which may explain why they did not include
> a patch for this one.

Actually, not even upstream has fixed this yet.  :(

http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2956

-Kees

-- 
Kees Cook                                            @outflux.net

Reply to:

References:
- Fixes for gaim/pidgin vulnerabilities?
  - From: "Michael Gilbert" <michael.s.gilbert@gmail.com>

Prev by Date: Fixes for gaim/pidgin vulnerabilities?
Next by Date: Re: Encrypt file while you are using it
Previous by thread: Fixes for gaim/pidgin vulnerabilities?
Next by thread: Re: [SECURITY] [DSA 1672-1] New imlib2 packages fix arbitrary code execution
Index(es):
- Date
- Thread