Bug#559784: qutecom: CVE-2008-4776 denial-of-service
Michael Gilbert
michael.s.gilbert at gmail.com
Mon Dec 7 02:59:19 UTC 2009
Package: qutecom
Version: 2.2~rc3.hg396~dfsg1-3+b1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published
for libgadu. Centerim embeds libpurple, which embeds libgadu, so it is
affected.
CVE-2008-4776[0]:
| libgadu before 1.8.2 allows remote servers to cause a denial of
| service (crash) via a contact description with a large length, which
| triggers a buffer over-read.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776
http://security-tracker.debian.org/tracker/CVE-2008-4776
More information about the Pkg-voip-maintainers
mailing list