-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: gaim
Version: 1:1.2.1-1.4
Severity: normal
Tags: security

Gaim in Sarge appears to be affected by CVE-2005-2369:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2369

When 1:1.5.0-1 was uploaded to unstable it resolved this problem (and it
has since migrated to testing), but the issue still remains in Sarge.

The issue has to do with libgadu (part of ekg) which is bundled with
gaim. Other similar issues having to do with this library were fixed in
1:1.4.0-5 were CVE-2005-2370, CVE-2005-2102, CVE-2005-2370, and
CVE-2005-2103 but CVE-2005-2369 seems to have slipped through.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD2Ysb9n4qXRzy1ioRAg4fAJ9tDvJIgHQA/QRRraYbs+M83XbsdwCdGfFq
RojPIk8SzeL1L+wlc/oplko=
=4jJJ
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to