Package: libgadu3
Version: 1:1.8.0+r592-2
Severity: important
Tags: security, patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libgadu3.

CVE-2008-4776:
libgadu before 1.8.2 allows remote servers to cause a denial of
service (crash) via a contact description with a large length, which
triggers a buffer over-read.

The Red Hat bug report[1] has more information and the upstream patch[2].

Since it seems that the issue can only be used to perform a DoS and libgadu
is used by messenger clients, it shouldn't need a DSA/DTSA.

However, it would be nice to get the issue fixed in lenny via migration
through unstable.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4776
    http://security-tracker.debian.net/tracker/CVE-2008-4776
[1] https://bugzilla.redhat.com/show_bug.cgi?id=468830
[2] https://bugzilla.redhat.com/attachment.cgi?id=321690


