Bug#559784: qutecom: CVE-2008-4776 denial-of-service

Ludovico Cavedon cavedon at debian.org
Sun Dec 13 00:05:55 UTC 2009


Hi Michael,

Michael Gilbert wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was published
> for libgadu.  Centerim embeds libpurple, which embeds libgadu, so it is
> affected.

I am sure what stated above is correct. According to my investigation:
-libpurble does not embded libgadu directly, but has its own
implementation of the gadugadu protocol
-centerim embeds libgadu directly

Therefore this CVE does not apply to qutecom.

Do you agree?

Thank you,
Ludovico

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20091212/07848c8a/attachment.pgp>


More information about the Pkg-voip-maintainers mailing list