Accepted ekg 1:1.7~rc2-2 (source)
Ubuntu Installer
archive at ubuntu.com
Wed Mar 28 14:30:37 BST 2007
Accepted:
OK: ekg_1.7~rc2-2.dsc
-> Component: main Section: net
OK: ekg_1.7~rc2-2.diff.gz
Origin: Debian/unstable
Format: 1.7
Date: Wed, 28 Mar 2007 14:16:11 +0100
Source: ekg
Binary: ekg, libgadu-dev, libgadu3
Architecture: source
Version: 1:1.7~rc2-2
Distribution: feisty
Urgency: high
Maintainer: Marcin Owsiany <porridge at debian.org>
Changed-By: Michael Bienia <michael at vorlon.ping.de>
Description:
ekg - console Gadu Gadu client for UNIX systems
Changes:
ekg (1:1.7~rc2-2) unstable; urgency=high
.
* Security upload, for sid and etch
* Patched three medium severity security issues in src/events.c:
  - CVE-2007-1663 A memory leak in handling image messages, which may cause
    memory exhaustion resulting in a DoS (ekg program crash). Exploitable by
    a hostile GG user.
  - CVE-2007-1664 off-by-one in token OCR function, which may cause a null
    pointer dereference resulting in a DoS (ekg program crash). Exploitable
    by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG
    server.
  - CVE-2007-1665 potential memory exhaust in token OCR function, which may
    cause memory exhaustion resulting in a DoS (ekg program crash).
    Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a
    hostile GG server.
Files:
07043038c1160ce479ca0b1d317af7e3 740 net optional ekg_1.7~rc2-2.dsc
9eddf39967bd12f1c6b1cf7d43da1d68 36847 net optional ekg_1.7~rc2-2.diff.gz