---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152916
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152916
2005-05-02
---------------------------------------------------------------------

Name        : gaim
7.3 Version : gaim-1.2.1-0.73.2.legacy
9 Version   : gaim-1.2.1-0.90.2.legacy
fc1 Version : gaim-1.2.1-1.fc1.1.legacy
Summary     : A GTK+ clone of the AOL Instant Messenger client.
Description :
Gaim is a clone of America Online's Instant Messenger client. It
features nearly all of the functionality of the official AIM client
while also being smaller, faster, and commercial-free.

---------------------------------------------------------------------
Update Information:

An updated gaim package that fixes various security issues as well as a
number of bugs is now available.

The Gaim application is a multi-protocol instant messaging client.

Two HTML parsing bugs were discovered in Gaim. It is possible that a
remote attacker could send a specially crafted message to a Gaim client,
causing it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473
to these issues.

A bug in the way Gaim processes SNAC packets was discovered. It is
possible that a remote attacker could send a specially crafted SNAC
packet to a Gaim client, causing the client to stop responding. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0472 to this issue.

A buffer overflow bug was found in the way gaim escapes HTML. It is
possible that a remote attacker could send a specially crafted message
to a Gaim client, causing it to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0965
to this issue.

A bug was found in several of gaim's IRC processing functions. These
functions fail to properly remove various markup tags within an IRC
message. It is possible that a remote attacker could send a specially
crafted message to a Gaim client connected to an IRC server, causing it
to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0966 to this issue.

A bug was found in gaim's Jabber message parser. It is possible for a
remote Jabber user to send a specially crafted message to a Gaim client,
causing it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0967 to this issue.

Additionally, various client crashes, memory leaks, and protocol issues
have been resolved.

Users of Gaim are advised to upgrade to this updated package which
contains Gaim version 1.2.1 and is not vulnerable to these issues.

---------------------------------------------------------------------
7.3 changelog:

* Sun May 01 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  1.2.1-0.73.2.legacy
- Added fix for perl plugin

* Sat Apr 16 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  1.2.1-0.73.1.legacy
- Updated to 1.2.1 to fix security issues
- Added CVS backport patches from RHEL

* Thu Mar 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  1.1.4-0.73.1.legacy
- Updated to 1.1.4 to fix security issues
- Added CVS backport patches from RHEL

9 changelog:

* Sun May 01 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  1:1.2.1-0.90.2.legacy
- Added fix and reactivated perl plugin

* Fri Apr 15 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  1:1.2.1-0.90.1.legacy
- Rebuilt as Fedora Legacy rh9 security update
- Added mozilla-nspr-devel and mozilla-nss BuildRequires
- Reverted to rh9-style desktop file
- Disabled PIE patch

fc1 changelog:

* Fri Apr 15 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  1:1.2.1-1.fc1.1.legacy
- Rebuilt as Fedora Legacy FC1 security update

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

70712d44b9190d1ee829674e646453fc22fadf55
redhat/7.3/updates-testing/i386/gaim-1.2.1-0.73.2.legacy.i386.rpm
adf46f079446e6d8991bdc24ebb3f711e81f82cb
redhat/7.3/updates-testing/SRPMS/gaim-1.2.1-0.73.2.legacy.src.rpm

3312e74638ea74b1581426097037f738c6dec7e1
redhat/9/updates-testing/i386/gaim-1.2.1-0.90.2.legacy.i386.rpm
f0c12bb9aa51a701954f86cddb1dfa9136d0ca12
redhat/9/updates-testing/SRPMS/gaim-1.2.1-0.90.2.legacy.src.rpm

c49100adede08301fd65f40d884c12c6c5e183f7
fedora/1/updates-testing/i386/gaim-1.2.1-1.fc1.1.legacy.i386.rpm
bda6c9aa95776128a907517fe3e73913d90cafb6
fedora/1/updates-testing/SRPMS/gaim-1.2.1-1.fc1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list