This bug was fixed in the package kadu - 0.6.0-1ubuntu0.1
---
kadu (0.6.0-1ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: remote DoS via a contact description with a large length
- debian/patch: Added 06-fix_CVE-2008-4776_events.c to fix events.c
- CVE-2008-4776
ACK to the hardy patch. Updated packages have been uploaded.
Thanks!
** Changed in: kadu (Ubuntu Hardy)
Status: New => Fix Committed
--
kadu: CVE-2008-4776 remote DoS
https://bugs.launchpad.net/bugs/297933
You received this bug notification because you are a member of Ubuntu
Bugs, which
** Branch linked: lp:~ari-tczew/ubuntu/hardy/kadu/fix-CVE-2008-4776
--
kadu: CVE-2008-4776 remote DoS
https://bugs.launchpad.net/bugs/297933
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ub
ekg (1:1.7~rc2-2ubuntu0.8.04.1) hardy-security; urgency=low
* SECURITY UPDATE: remote denial of service.
- lib/events.c: upstream fixes.
- CVE-2008-4776
-- Kees Cook Sat, 06 Dec 2008 19:40:42 -0800
** Changed in: ekg (Ubuntu Hardy)
Status: New => Fix Released
** Changed in:
** Also affects: ekg (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: kadu (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: libgadu (Ubuntu Hardy)
Importance: Undecided
Status: New
--
kadu: CVE-2008-4776 remote DoS
https://bugs.lau
Published as: http://www.ubuntu.com/usn/usn-692-1
** Changed in: kadu (Ubuntu)
Status: In Progress => Fix Released
** Changed in: libgadu (Ubuntu)
Assignee: (unassigned) => Kees Cook (kees)
** Changed in: ekg (Ubuntu)
Status: In Progress => Fix Released
--
kadu: CVE-2008-477
This bug was fixed in the package libgadu - 1:1.8.0+r592-1ubuntu0.1
---
libgadu (1:1.8.0+r592-1ubuntu0.1) intrepid-security; urgency=low
* SECURITY UPDATE: remote DoS (LP: #297933)
- Changes in src/events.c to check correct length of reply
- CVE-2008-4776
-- Fabrice Coutad
This also affects ekg, which contains an embedded copy of libgadu prior
to intrepid.
** Also affects: ekg (Ubuntu)
Importance: Undecided
Status: New
** Changed in: ekg (Ubuntu)
Assignee: (unassigned) => Kees Cook (kees)
Status: New => In Progress
--
kadu: CVE-2008-4776 rem
Minimal debdiff for Kadu (build in pbuilder and installed in Intrepid)
** Attachment added: "New minimal debdiff for kadu"
http://launchpadlibrarian.net/20034714/kadu_0.6.0.2-2ubuntu0.1.debdiff
** Changed in: kadu (Ubuntu)
Status: Triaged => In Progress
--
kadu: CVE-2008-4776 remote D
The versions in Jaunty are the last debian's version, so this security
patch is not needed.
Here is the new minimal debdiff for libgadu (without patch system)
** Attachment added: "New minimal debdiff for libgadu"
http://launchpadlibrarian.net/19983156/libgadu_1.8.0%2Br592-1ubuntu0.1.debdiff
Thanks for you patches! Unfortunately, these changes are not appropriate
for a security update. Specifically, we do not introduce patch systems
and should not change to using a library rather than the embedded code.
Both of these fixes are definitely worthwhile, so I recommend filling
separate bugs
I've tested that the resulting packages build in pbuilder and that the debdiff
apply cleanly to existing version.
About tests, I've checked that the application runs.
Also, those fixes are the same as debian ones (in libgadu 1.8.0+r592-3
and kadu 0.6.0.2-3), and I have checked the debdiff between
** Attachment added: "debdiff for kadu"
http://launchpadlibrarian.net/19746379/kadu_0.6.0.2-2ubuntu0.1.debdiff
** Changed in: kadu (Ubuntu)
Assignee: fabrice_sp (fabricesp) => (unassigned)
--
kadu: CVE-2008-4776 remote DoS
https://bugs.launchpad.net/bugs/297933
You received this bug not
** Attachment added: "debdiff for libgadu"
http://launchpadlibrarian.net/19745924/libgadu_1.8.0%2Br592-1ubuntu0.1.debdiff
** Changed in: libgadu (Ubuntu)
Status: New => In Progress
--
kadu: CVE-2008-4776 remote DoS
https://bugs.launchpad.net/bugs/297933
You received this bug notifica
** Visibility changed to: Public
--
kadu: CVE-2008-4776 remote DoS
https://bugs.launchpad.net/bugs/297933
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/
15 matches
Mail list logo
