-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 26 Mar 2007 18:53:19 +0100
Source: ekg
Binary: ekg libgadu3 libgadu-dev
Architecture: source i386
Version: 1:1.7~rc2-2
Distribution: unstable
Urgency: high
Maintainer: Marcin Owsiany <porridge@debian.org>
Changed-By: Marcin Owsiany <porridge@debian.org>
Description:
 ekg - console Gadu Gadu client for UNIX systems
 libgadu-dev - Gadu-Gadu protocol library - development files
 libgadu3 - Gadu-Gadu protocol library - runtime files
Changes:
 ekg (1:1.7~rc2-2) unstable; urgency=high
 .
   * Security upload, for sid and etch
   * Patched three medium severity security issues in src/events.c:
     - CVE-2007-1663 A memory leak in handling image messages, which may
       cause memory exhaustion resulting in a DoS (ekg program crash).
       Exploitable by a hostile GG user.
     - CVE-2007-1664 off-by-one in token OCR function, which may cause a
       null pointer dereference resulting in a DoS (ekg program crash).
       Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or
       a hostile GG server.
     - CVE-2007-1665 potential memory exhaust in token OCR function, which
       may cause memory exhaustion resulting in a DoS (ekg program crash).
       Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or
       a hostile GG server.
Files:
 07043038c1160ce479ca0b1d317af7e3 740 net optional ekg_1.7~rc2-2.dsc
 9eddf39967bd12f1c6b1cf7d43da1d68 36847 net optional ekg_1.7~rc2-2.diff.gz
 552beb74321233fea92d58f912c9e48a 285478 net optional ekg_1.7~rc2-2_i386.deb
 4e2e9565e2adec41cb06b02af84d6bcd 131210 libdevel optional libgadu-dev_1.7~rc2-2_i386.deb
 781dbcc66a50758ba1c6c57e4d4e8bd4 67192 libs optional libgadu3_1.7~rc2-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGCAxwOg2KoGD0EhYRAnBxAJ9O2FqhIR+uLfRnAIx+iPpHnTVhRACfamWH
+UauoiX6ZYkh/wP4pNKB00I=
=8sM7
-----END PGP SIGNATURE-----

Accepted:
ekg_1.7~rc2-2.diff.gz
  to pool/main/e/ekg/ekg_1.7~rc2-2.diff.gz
ekg_1.7~rc2-2.dsc
  to pool/main/e/ekg/ekg_1.7~rc2-2.dsc
ekg_1.7~rc2-2_i386.deb
  to pool/main/e/ekg/ekg_1.7~rc2-2_i386.deb
libgadu-dev_1.7~rc2-2_i386.deb
  to pool/main/e/ekg/libgadu-dev_1.7~rc2-2_i386.deb
libgadu3_1.7~rc2-2_i386.deb
  to pool/main/e/ekg/libgadu3_1.7~rc2-2_i386.deb