Bug#413280: gnomemeeting: Format string vulnerabilities

Moritz Muehlenhoff jmm at debian.org
Sat Mar 3 23:04:16 CET 2007


Package: gnomemeeting
Severity: grave
Tags: security
Justification: user security hole

While fixed for Ekiga, GnomeMeeting is still affected by unauthenticated,
remote format string flaws. I'm attaching the patch I used for stable,
but the proper fix is probably to remove gnomemeeting from Etch:

Why is gnomemeeting still in etch along with the new name Ekiga?
We can't support an arbitrary number of old packages just because
they have been renamed at some point in time; our archive it already
way too big.

Cheers,
        Moritz

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 99_security-CVE-2007-1006.dpatch
Type: application/x-shellscript
Size: 6378 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20070303/0b91cdcb/99_security-CVE-2007-1006-0001.bin


More information about the Pkg-gnome-maintainers mailing list