Subject: CVS commit: pkgsrc/chat/gaim
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 08/10/2005 16:13:34
Module Name: pkgsrc
Committed By: salo
Date: Wed Aug 10 16:13:34 UTC 2005
Modified Files:
pkgsrc/chat/gaim: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/chat/gaim/patches: patch-af patch-ag
Log Message:
Security fixes for CAN-2005-2102 and CAN-2005-2103.
- An error in the handling of away messages can be exploited to cause
a heap-based buffer overflow by sending a specially crafted away message
to a user logged into AIM or ICQ.
Successful exploitation allows execution of arbitrary code.
- An error in the handling of file transfers can be exploited to crash
the application by attempting to upload a file with a non-UTF8 filename
to a user logged into AIM or ICQ.
Patches from RedHat.
To generate a diff of this commit:
cvs rdiff -r1.93 -r1.94 pkgsrc/chat/gaim/Makefile
cvs rdiff -r1.6 -r1.7 pkgsrc/chat/gaim/buildlink3.mk
cvs rdiff -r1.67 -r1.68 pkgsrc/chat/gaim/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/chat/gaim/patches/patch-af \
pkgsrc/chat/gaim/patches/patch-ag
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.