Subject: CVS commit: [pkgsrc-2005Q2] pkgsrc/chat/gaim
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 08/10/2005 18:28:45 
Module Name:	pkgsrc
Committed By:	snj
Date:		Wed Aug 10 18:28:45 UTC 2005

Modified Files:
	pkgsrc/chat/gaim [pkgsrc-2005Q2]: Makefile buildlink3.mk distinfo
Added Files:
	pkgsrc/chat/gaim/patches [pkgsrc-2005Q2]: patch-af patch-ag

Log Message:
Pullup ticket 672 - requested by Lubomir Sedlacik
security fixes for gaim

Revisions pulled up:
- pkgsrc/chat/gaim/Makefile		1.94
- pkgsrc/chat/gaim/buildlink3.mk	1.7
- pkgsrc/chat/gaim/distinfo		1.68
- pkgsrc/chat/gaim/patches/patch-af	1.1
- pkgsrc/chat/gaim/patches/patch-ag	1.1

    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Wed Aug 10 16:13:34 UTC 2005

    Modified Files:
            pkgsrc/chat/gaim: Makefile buildlink3.mk distinfo
    Added Files:
            pkgsrc/chat/gaim/patches: patch-af patch-ag

    Log Message:
    Security fixes for CAN-2005-2102 and CAN-2005-2103.

    - An error in the handling of away messages can be exploited to cause
      a heap-based buffer overflow by sending a specially crafted away message
      to a user logged into AIM or ICQ.

      Successful exploitation allows execution of arbitrary code.

    - An error in the handling of file transfers can be exploited to crash
      the application by attempting to upload a file with a non-UTF8 filename
      to a user logged into AIM or ICQ.

    Patches from RedHat.


To generate a diff of this commit:
cvs rdiff -r1.89.2.1 -r1.89.2.2 pkgsrc/chat/gaim/Makefile
cvs rdiff -r1.5.2.1 -r1.5.2.2 pkgsrc/chat/gaim/buildlink3.mk
cvs rdiff -r1.65.2.1 -r1.65.2.2 pkgsrc/chat/gaim/distinfo
cvs rdiff -r0 -r1.1.2.1 pkgsrc/chat/gaim/patches/patch-af \
    pkgsrc/chat/gaim/patches/patch-ag

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.