Package: psi
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for psi.

CVE-2008-6393[0]:
| PSI Jabber client before 0.12.1 allows remote attackers to cause a
| denial of service (crash) and possibly execute arbitrary code via a
| file transfer request with a negative value in a SOCKS5 option, which
| bypasses a signed integer check and triggers an integer overflow and a
| heap-based buffer overflow.

The blogpost[1] has some more information. At the moment, I guess the
security impact is fairly low and only results in a client DoS. Maybe
you could check this further, just to be sure?

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6393
    http://security-tracker.debian.net/tracker/CVE-2008-6393
[1] http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html
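
The bug class named in the CVE text (a negative value passing a signed upper-bound check, then becoming a huge copy size) is illustrated below as an added example; it is not PSI's code and not part of the original report. The one-octet length prefix, FIELD_MAX_LEN and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX_LEN 64 /* hypothetical limit for this example */

/* Flawed pattern: the length octet is held in a signed type and only an
 * upper bound is tested, so 0x80..0xFF (negative values) are accepted. */
static int flawed_check_accepts(uint8_t len_octet) {
    int8_t len = (int8_t)len_octet; /* -16 for 0xF0 on two's-complement targets */
    return len <= FIELD_MAX_LEN;
}

/* Byte count a memcpy-style call would receive once that signed length
 * is converted to size_t. Nothing is copied here. */
static size_t flawed_copy_size(uint8_t len_octet) {
    return (size_t)(int8_t)len_octet;
}

/* Hardened reader: the length stays unsigned and is checked against the
 * limit, the destination capacity and the bytes actually received.
 * Returns 0 on success, -1 when the field is rejected. */
static int read_field(const uint8_t *in, size_t in_len,
                      uint8_t *out, size_t out_cap, size_t *out_len) {
    if (in == NULL || out == NULL || out_len == NULL || in_len < 1)
        return -1;
    size_t len = in[0];
    if (len > FIELD_MAX_LEN || len > out_cap || len > in_len - 1)
        return -1;
    memcpy(out, in + 1, len);
    *out_len = len;
    return 0;
}

int main(void) {
    /* Constructed input: length octet 0xF0 followed by two data bytes. */
    const uint8_t msg[] = { 0xF0, 'a', 'b' };
    uint8_t out[FIELD_MAX_LEN];
    size_t n = 0;

    printf("flawed check accepts 0xF0: %d\n", flawed_check_accepts(msg[0]));
    printf("copy size after conversion: %zu\n", flawed_copy_size(msg[0]));
    printf("hardened reader result: %d\n",
           read_field(msg, sizeof msg, out, sizeof out, &n));
    return 0;
}
```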

