Bug#411944: CVE-2007-1006: format string overflows
Kees Cook
kees at outflux.net
Thu Feb 22 01:24:53 CET 2007
Package: ekiga
Version: 2.0.3-2
Severity: grave
Tags: patch, security, fixed-upstream
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006 says:
"Multiple format string vulnerabilities in the
gm_main_window_flash_message function in Ekiga before 2.0.5 allow
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted Q.931 SETUP packet."
See attached patch for upstream fix.
--
Kees Cook @outflux.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ekiga.patch
Type: text/x-diff
Size: 3397 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20070221/c8c44c27/ekiga.bin