Bug#559784: qutecom: CVE-2008-4776 denial-of-service
michael.s.gilbert at gmail.com
Sun Dec 13 00:23:58 UTC 2009
On Sat, 12 Dec 2009 16:05:55 -0800 Ludovico Cavedon wrote:
> Hi Michael,
> Michael Gilbert wrote:
> > the following CVE (Common Vulnerabilities & Exposures) id was published
> > for libgadu. Centerim embeds libpurple, which embeds libgadu, so it is
> > affected.
> I am sure what stated above is correct. According to my investigation:
> -libpurble does not embded libgadu directly, but has its own
> implementation of the gadugadu protocol
> -centerim embeds libgadu directly
> Therefore this CVE does not apply to qutecom.
based on , qutecom embeds the exact same code as libpurple,
so it is indeed affected.
More information about the Pkg-voip-maintainers