Bug#559784: qutecom: CVE-2008-4776 denial-of-service
Michael Gilbert
michael.s.gilbert at gmail.com
Sun Dec 13 00:23:58 UTC 2009
On Sat, 12 Dec 2009 16:05:55 -0800 Ludovico Cavedon wrote:
> Hi Michael,
>
> Michael Gilbert wrote:
> > the following CVE (Common Vulnerabilities & Exposures) id was published
> > for libgadu. Centerim embeds libpurple, which embeds libgadu, so it is
> > affected.
>
> I am sure what stated above is correct. According to my investigation:
> -libpurble does not embded libgadu directly, but has its own
> implementation of the gadugadu protocol
> -centerim embeds libgadu directly
>
> Therefore this CVE does not apply to qutecom.
based on [0], qutecom embeds the exact same code as libpurple,
so it is indeed affected.
mike
[0] http://source.debian.net/source/search?q=&defs=&refs=&path=libgadu.c&hist=
More information about the Pkg-voip-maintainers
mailing list