Your message dated Tue, 31 Oct 2006 21:17:56 +0100
with message-id <[EMAIL PROTECTED]>
and subject line This was fixed quite a long time ago.
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gaim
Version: 1:1.2.1-1.4
Severity: grave
Justification: user security hole

This info from http://www.securityfocus.com/bid/14531. Seems Ubuntu have
released usn-168-1 to announce their fix:
http://www.ubuntulinux.org/support/documentation/usn/usn-168-1

CAN-2005-2102 is about an attacker crashing gaim by sending a file over
ICQ with a filename containing invalid UTF-8 characters.

CAN-2005-2103 is about a memory alignment problem in the Gadu library
for the Gadu protocol, of which Gaim has a copy.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages gaim depends on:
ii  gaim-data              1:1.2.1-1.4       multi-protocol instant messaging c


--- End Message ---
--- Begin Message ---
Version: 1:1.4.0-5

gaim  (1:1.4.0-5) unstable; urgency=high

   * This release fixes three remotely-exploitable security issues.
     These will be fixed in 1.5.0, but I'm adding the patches now so
     I don't have to rush to package 1.5.0 when it comes out.
 
   * debian/patches/away-message-CAN-2005-2103.patch:
     - Added
     - Fixes CAN-2005-2103: Away message buffer overflow (arbitrary
       code execution)
   *  debian/patches/libgg-CAN-2005-2370.patch:
     - Added
     - Fixes CAN-2005-2370: Memory alignment bug in libgadu
   *  debian/patches/oscar-CAN-2005-2102.patch:
     - Added
     - Fixes CAN-2005-2102: OSCAR UTF-8 filename remote crash
 
   * debian/control:
     - Remove version from libgtkspell-dev build-depends, since the aspell
       C++ transition was reverted.

 -- Ari Pollak <[EMAIL PROTECTED]>  Wed, 10 Aug 2005 11:49:26 -0400 

The current version in testing has a much higher version number
than that.

Regards,

// Ola

-- 
 --------------------- Ola Lundqvist ---------------------------
/  [EMAIL PROTECTED]                     Annebergsslingan 37      \
|  [EMAIL PROTECTED]                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

--- End Message ---
