FS#413 - 12 overflows in gaim
Attached to Project:
Arch Linux
Opened by Tobias Kieslich (tobias) - Tuesday, 27 January 2004, 15:35 GMT
Last edited by Judd Vinet (judd) - Tuesday, 27 January 2004, 20:04 GMT
Opened by Tobias Kieslich (tobias) - Tuesday, 27 January 2004, 15:35 GMT
Last edited by Judd Vinet (judd) - Tuesday, 27 January 2004, 20:04 GMT
|
Details
There have been a dozen overflows reported to be in gaim.
I'm not capable to say how serious this is. Details can be
found here:
http://security.e-matters.de/advisories/012004.html a patch done by FreeBSD-Team is here: http://security.e-matters.de/patches/gaim-0.75-fix.diff thogh its claimed to be different from fixes done in gaim CVS. Here is a modified PKGBUILD - note pkgrel is already increased. [quote]# Maintainer: dorphell <dorphell@archlinux.org> # Contributor: Lucien Immink <l.immink@student.fnt.hvu.nl> pkgname=gaim pkgver=0.75 pkgrel=2 pkgdesc="A GTK+-based messaging client" url="http://gaim.sourceforge.net" depends=('startup-notification' 'gtk2' 'libao' 'gnutls' 'tk') source=(http://umn.dl.sourceforge.net/sourceforge/gaim/gaim-$pkgver.tar.bz2 \ http://security.e-matters.de/patches/gaim-0.75-fix.diff) build() { cd $startdir/src/$pkgname-$pkgver patch -p0 -i ../gaim-0.75-fix.diff ./configure --prefix=/usr make || return 1 make DESTDIR=$startdir/pkg install rm $startdir/pkg/usr/lib/perl5/*/$CARCH-linux/perllocal.pod } |
This task depends upon
Comment by dorphell (dorphell) -
Tuesday, 27 January 2004, 22:28 GMT
Yep and stuck-up gaim dev's don't care enough to release 0.76
sooner than usual so I'll have to sync this, thanks for the link