[Secure-testing-team] Bug#503916: Security update for Debian Testing - 2008-11-03
Nico Golde
debian-secure-testing+ml at ngolde.de
Mon Nov 3 21:17:18 UTC 2008
Hi,
* Jarek Kami??ski <jarek at vilo.eu.org> [2008-11-03 22:07]:
> On Mon, Nov 03, 2008 at 02:04:55AM +0100, secure-testing-team at lists.alioth.debian.org wrote:
> > This automatic mail gives an overview over security issues that were recently
> > fixed in Debian Testing. The majority of fixed packages migrate to testing
> > from unstable. If this would take too long, fixed packages are uploaded to the
> > testing-security repository instead. It can also happen that vulnerable
> > packages are removed from Debian testing.
> >
> > Migrated from unstable:
> > =======================
> > libgadu 1:1.8.0+r592-3:
> > CVE-2008-4776: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776
> > http://bugs.debian.org/503916
>
> At first glance it looks, that kadu may also be affected. It isn't
> linked to libgadu from libgadu3 package and comes with own copy of
> libgadu sources (not patched). Can someone confirm that?
Yes confirmed, kadu is embedding libgadu completely and
linking against this version. It has the same problem, a bug
has been filed.
Thanks for the notice!
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081103/2e0cc154/attachment.pgp
More information about the Secure-testing-team
mailing list