-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 6 May 2007 12:47:04 +0100
Source: ekg
Binary: ekg libgadu3 libgadu-dev
Architecture: source i386
Version: 1:1.7~rc2-1etch1
Distribution: stable-security
Urgency: high
Maintainer: Marcin Owsiany <porridge@debian.org>
Changed-By: Marcin Owsiany <porridge@debian.org>
Description:
 ekg - console Gadu Gadu client for UNIX systems
 libgadu-dev - Gadu-Gadu protocol library - development files
 libgadu3 - Gadu-Gadu protocol library - runtime files
Changes:
 ekg (1:1.7~rc2-1etch1) stable-security; urgency=high
 .
   * Security upload for etch (same as 1:1.7~rc2-2, which didn't make it into
     etch before the release)
   * Patched three medium severity security issues in src/events.c:
     - CVE-2007-1663 A memory leak in handling image messages, which may cause
       memory exhaustion resulting in a DoS (ekg program crash). Exploitable
       by a hostile GG user.
     - CVE-2007-1664 off-by-one in token OCR function, which may cause a null
       pointer dereference resulting in a DoS (ekg program crash). Exploitable
       by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG
       server.
     - CVE-2007-1665 potential memory exhaust in token OCR function, which may
       cause memory exhaustion resulting in a DoS (ekg program crash).
       Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a
       hostile GG server.
Files:
 f776cbffc3c5757239311f68cbb06863 750 net optional ekg_1.7~rc2-1etch1.dsc
 b4ea482130e163af1456699e2e6983d9 514073 net optional ekg_1.7~rc2.orig.tar.gz
 1ed9055534fa44d865262b14f8b30341 36873 net optional ekg_1.7~rc2-1etch1.diff.gz
 cea1b184efefb7454b6c0b25a3e8d875 282332 net optional ekg_1.7~rc2-1etch1_i386.deb
 ab42291b25f3501983ea1fa3e61e5832 131262 libdevel optional libgadu-dev_1.7~rc2-1etch1_i386.deb
 28242d8c48f5cf14b7cdd1dff1c8f44d 67370 libs optional libgadu3_1.7~rc2-1etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGPcNAOg2KoGD0EhYRAhWUAJ9K7CWpXegOkeBttGNj1KGLGKRrGwCfVB1V
E4NYSQmSWkBXcEeOdgoLoDo=
=0iur
-----END PGP SIGNATURE-----

Accepted:
ekg_1.7~rc2-1etch1.diff.gz
  to pool/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz
ekg_1.7~rc2-1etch1.dsc
  to pool/main/e/ekg/ekg_1.7~rc2-1etch1.dsc
ekg_1.7~rc2-1etch1_i386.deb
  to pool/main/e/ekg/ekg_1.7~rc2-1etch1_i386.deb
libgadu-dev_1.7~rc2-1etch1_i386.deb
  to pool/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb
libgadu3_1.7~rc2-1etch1_i386.deb
  to pool/main/e/ekg/libgadu3_1.7~rc2-1etch1_i386.deb