Hi, Can you please unblock kadu-0.6.0.2-3? This upload contains a fix for CVE-2008-4776 (#504429, #504430)
Here's a debdiff between 0.6.0.2-2 and 0.6.0.2-3: diff -u kadu-0.6.0.2/debian/watch kadu-0.6.0.2/debian/watch --- kadu-0.6.0.2/debian/watch +++ kadu-0.6.0.2/debian/watch @@ -1,3 +1,3 @@ version=3 -opts=uversionmangle=s/(alpha|beta|rc)/~$1/ \ +opts=uversionmangle=s/-(alpha|beta|rc)/~$1/ \ http://www.kadu.net/download/stable/kadu-(.*)\.tar\.bz2 diff -u kadu-0.6.0.2/debian/changelog kadu-0.6.0.2/debian/changelog --- kadu-0.6.0.2/debian/changelog +++ kadu-0.6.0.2/debian/changelog @@ -1,3 +1,11 @@ +kadu (0.6.0.2-3) unstable; urgency=high + + * Now Kadu is linked against libgadu provided by libgadu3 package, instead + of the one shipped in Kadu's tarball. This fixes CVE-2008-4776 + (Closes: #504429, #504430) + + -- Patryk Cisek <[EMAIL PROTECTED]> Tue, 04 Nov 2008 15:37:05 +0100 + kadu (0.6.0.2-2) unstable; urgency=low [ Patryk Cisek ] diff -u kadu-0.6.0.2/debian/rules kadu-0.6.0.2/debian/rules --- kadu-0.6.0.2/debian/rules +++ kadu-0.6.0.2/debian/rules @@ -9,6 +9,8 @@ DEB_COMPRESS_EXCLUDE := AUTHORS THANKS LICENSE about-changes- tab.txt DEB_BUILD_ARCH_OS := $(shell dpkg-architecture - qDEB_BUILD_ARCH_OS) +DEB_CONFIGURE_EXTRA_FLAGS := --with-existing-libgadu + makebuilddir/kadu:: sh debian/extract.sh $(CURDIR) $(DEB_BUILDDIR) find . -name '*.o' -delete diff -u kadu-0.6.0.2/debian/control kadu-0.6.0.2/debian/control --- kadu-0.6.0.2/debian/control +++ kadu-0.6.0.2/debian/control @@ -2,7 +2,7 @@ Section: net Priority: optional Maintainer: Patryk Cisek <[EMAIL PROTECTED]> -Build-Depends: cdbs (>= 0.4.23-1.1), autotools-dev, debhelper (>= 5), patchutils (>= 0.2.25), sharutils, bzip2, libqt3-mt-dev, libao-dev, libsndfile1-dev (>= 1.0), kdelibs4-dev, libcurl3-gnutls-dev, libaudio-dev, libgtk1.2-dev, libxosd-dev, audacious-dev, libxtst-dev +Build-Depends: cdbs (>= 0.4.23-1.1), autotools-dev, debhelper (>= 5), patchutils (>= 0.2.25), sharutils, bzip2, libqt3-mt-dev, libao-dev, libsndfile1-dev (>= 1.0), kdelibs4-dev, libcurl3-gnutls-dev, libaudio-dev, libgtk1.2-dev, libxosd-dev, audacious-dev, libxtst-dev, libgadu-dev Standards-Version: 3.8.0 Homepage: http://kadu.net @@ -33,7 +33,6 @@ Package: kadu-dev Architecture: all Recommends: kadu -Conflicts: libgadu-dev Section: libdevel Description: Development files for Kadu Gadu-Gadu is a Windows instant messenger, very popular in Poland.
signature.asc
Description: This is a digitally signed message part.
