Bug#559784: qutecom: CVE-2008-4776 denial-of-service

Michael Gilbert michael.s.gilbert at gmail.com
Sun Dec 13 00:23:58 UTC 2009

On Sat, 12 Dec 2009 16:05:55 -0800 Ludovico Cavedon wrote:

> Hi Michael,
> Michael Gilbert wrote:
> > the following CVE (Common Vulnerabilities & Exposures) id was published
> > for libgadu.  Centerim embeds libpurple, which embeds libgadu, so it is
> > affected.
> I am sure what stated above is correct. According to my investigation:
> -libpurble does not embded libgadu directly, but has its own
> implementation of the gadugadu protocol
> -centerim embeds libgadu directly
> Therefore this CVE does not apply to qutecom.

based on [0], qutecom embeds the exact same code as libpurple,
so it is indeed affected.


[0] http://source.debian.net/source/search?q=&defs=&refs=&path=libgadu.c&hist=

More information about the Pkg-voip-maintainers mailing list