*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
Recently security issue's been reported to Kadu *one of packages I maintain in Debian). Please see more about the issue here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1410 It's been fixed in newest upstream release -- 0.11.1. It's been uploaded to Debian Sid and has already migrated to Testing. Because of the bug fix, it has also been synced to Ubuntu Precise past the Feature Freeze. All versions of Kadu starting 0.9.0 and earlier than 0.11.1 are affected. Versions in Ubuntu affected by the bug: Oneiric (0.9.2-2) Natty (0.9.0-1) Commit that fix the bugs upstream is the following: https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52 Due to the bug there have been also additional hardening commited, but are not actual fixes the the bug: https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84 https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6 https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0 ** Affects: kadu (Ubuntu) Importance: Undecided Status: New -- CVE-2012-1410 https://bugs.launchpad.net/bugs/948112 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
