Updated: Fedora Legacy Test Update Notification: gaim

Marc Deslauriers marcdeslauriers at videotron.ca
Sat Jun 4 19:27:47 UTC 2005


This test update was updated to fix additional issues and
add Fedora Core 2 packages.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-158543
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158543
2005-06-04
---------------------------------------------------------------------

Name        : gaim
7.3 Version : gaim-1.3.0-0.73.1.legacy
9 Version   : gaim-1.3.0-0.90.1.legacy
fc1 Version : gaim-1.3.0-1.fc1.legacy
fc2 Version : gaim-1.3.0-1.fc2.legacy
Summary     : A GTK+ clone of the AOL Instant Messenger client.
Description :
Gaim is a clone of America Online's Instant Messenger client. It
features nearly all of the functionality of the official AIM client
while also being smaller, faster, and commercial-free.

---------------------------------------------------------------------
Update Information:

An updated gaim package that fixes various security issues as well as a
number of bugs is now available.

The Gaim application is a multi-protocol instant messaging client.

Two HTML parsing bugs were discovered in Gaim. It is possible that a
remote attacker could send a specially crafted message to a Gaim client,
causing it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473
to these issues.

A bug in the way Gaim processes SNAC packets was discovered. It is
possible that a remote attacker could send a specially crafted SNAC
packet to a Gaim client, causing the client to stop responding. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0472 to this issue.

A buffer overflow bug was found in the way gaim escapes HTML. It is
possible that a remote attacker could send a specially crafted message
to a Gaim client, causing it to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0965
to this issue.

A bug was found in several of gaim's IRC processing functions. These
functions fail to properly remove various markup tags within an IRC
message. It is possible that a remote attacker could send a specially
crafted message to a Gaim client connected to an IRC server, causing it
to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0966 to this issue.

A bug was found in gaim's Jabber message parser. It is possible for a
remote Jabber user to send a specially crafted message to a Gaim client,
causing it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0967 to this issue.

A stack-based buffer overflow bug was found in the way gaim processes a
message containing a URL. A remote attacker could send a carefully
crafted message resulting in the execution of arbitrary code on a
victim's machine. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1261 to this issue.

A bug was found in the way gaim handles malformed MSN messages. A remote
attacker could send a carefully crafted MSN message causing gaim to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1262 to this issue.

Additionally, various client crashes, memory leaks, and protocol issues
have been resolved.

Users of Gaim are advised to upgrade to this updated package which
contains Gaim version 1.3.0 and is not vulnerable to these issues.

---------------------------------------------------------------------
7.3 changelog:
* Mon May 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.3.0-0.73.1.legacy
- Updated to 1.3.0 to fix security issues

* Sun May 01 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.2.1-0.73.2.legacy
- Added fix for perl plugin

* Sat Apr 16 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.2.1-0.73.1.legacy
- Updated to 1.2.1 to fix security issues
- Added CVS backport patches from RHEL

* Thu Mar 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.1.4-0.73.1.legacy
- Updated to 1.1.4 to fix security issues
- Added CVS backport patches from RHEL

9 changelog:
* Mon May 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:1.3.0-0.90.1.legacy

- Rebuilt as Fedora Legacy rh9 security update
- Added mozilla-nspr-devel and mozilla-nss BuildRequires
- Reverted to rh9-style desktop file
- Disabled PIE patch
- Added fix for perl plugin

fc1 changelog:
* Mon May 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:1.3.0-1.fc1.1.legacy
- Rebuilt as Fedora Legacy FC1 security update

fc2 changelog:
* Mon May 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:1.3.0-1.fc2.legacy
- Rebuilt as Fedora Legacy update for FC2

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

076d2a121549c48b680135dc0e9d73b9ced15b49
redhat/7.3/updates-testing/i386/gaim-1.3.0-0.73.1.legacy.i386.rpm
a14a81c748d02f296314ac6f88596d417dba66e6
redhat/7.3/updates-testing/SRPMS/gaim-1.3.0-0.73.1.legacy.src.rpm
ccc3631f257e56867bc2d618321e89d8681ae6c7
redhat/9/updates-testing/i386/gaim-1.3.0-0.90.1.legacy.i386.rpm
9bc9aa7e15616e6f21fa569b65f203a7a703c89b
redhat/9/updates-testing/SRPMS/gaim-1.3.0-0.90.1.legacy.src.rpm
5df0ef03698e8f9e8bc2b5e5135fc32d472d750b
fedora/1/updates-testing/i386/gaim-1.3.0-1.fc1.legacy.i386.rpm
4bbe74ce4caf178a9b04dfe7d8616af1daa83ac2
fedora/1/updates-testing/SRPMS/gaim-1.3.0-1.fc1.legacy.src.rpm
1aa7d01186700303098f49fe3348a2833b98e4b5
fedora/2/updates-testing/i386/gaim-1.3.0-1.fc2.legacy.i386.rpm
5c6d271e3c8c4eb0b42ade249ddaf9291d94a700
fedora/2/updates-testing/SRPMS/gaim-1.3.0-1.fc2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
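
One way to check downloaded packages against the sha1sums listing above, as an added example that is not part of the original notice or of Fedora Legacy's tooling. It assumes the packages were saved into a single flat directory under their file names; the function names are hypothetical and the sample file in the demo is constructed.

```python
import hashlib
import re
from pathlib import Path

SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")

def parse_listing(text):
    """Map package path -> SHA-1 from a listing where each hash sits on the
    line above its path (the notice's layout) or on the same line."""
    entries, pending = {}, None
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts:
            continue
        if SHA1_RE.match(parts[0]):
            if len(parts) == 2:            # "hash  path" on one line
                entries[parts[1].strip()] = parts[0].lower()
                pending = None
            else:                          # hash alone; its path follows
                pending = parts[0].lower()
        elif pending is not None:
            entries[raw.strip()] = pending
            pending = None
    return entries

def sha1_of(path, chunk=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(listing_text, download_dir):
    """Return {listed path: "ok" | "mismatch" | "missing"}.
    Assumption: packages were saved flat in download_dir under their file names."""
    results = {}
    for rel, expected in parse_listing(listing_text).items():
        local = Path(download_dir) / Path(rel).name
        if not local.is_file():
            results[rel] = "missing"
        elif sha1_of(local) == expected:
            results[rel] = "ok"
        else:
            results[rel] = "mismatch"
    return results

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:   # constructed sample, not a real package
        sample = Path(d) / "sample-1.0.i386.rpm"
        sample.write_bytes(b"constructed bytes")
        listing = sha1_of(sample) + "\nupdates-testing/i386/sample-1.0.i386.rpm\n"
        print(verify(listing, d))
```

Hashes copied from a mail are only as trustworthy as the mail itself, so check the notice's OpenPGP signature where one is available before relying on the listing.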