Hi, * Jarek Kami??ski <[EMAIL PROTECTED]> [2008-11-03 22:07]: > On Mon, Nov 03, 2008 at 02:04:55AM +0100, [EMAIL PROTECTED] wrote: > > This automatic mail gives an overview over security issues that were > > recently > > fixed in Debian Testing. The majority of fixed packages migrate to testing > > from unstable. If this would take too long, fixed packages are uploaded to > > the > > testing-security repository instead. It can also happen that vulnerable > > packages are removed from Debian testing. > > > > Migrated from unstable: > > ======================= > > libgadu 1:1.8.0+r592-3: > > CVE-2008-4776: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776 > > http://bugs.debian.org/503916 > > At first glance it looks, that kadu may also be affected. It isn't > linked to libgadu from libgadu3 package and comes with own copy of > libgadu sources (not patched). Can someone confirm that?
Yes confirmed, kadu is embedding libgadu completely and linking against this version. It has the same problem, a bug has been filed. Thanks for the notice! Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpRSEmuvfLBw.pgp
Description: PGP signature
