Your message dated Mon, 26 Feb 2007 23:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#411944: fixed in ekiga 2.0.3-2.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ekiga
Version: 2.0.3-2
Severity: grave
Tags: patch, security, fixed-upstream
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006 says:
"Multiple format string vulnerabilities in the
gm_main_window_flash_message function in Ekiga before 2.0.5 allow
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted Q.931 SETUP packet."
See attached patch for upstream fix.
--
Kees Cook @outflux.net
Index: urlhandler.cpp
===================================================================
--- urlhandler.cpp (revision 4825)
+++ urlhandler.cpp (revision 4826)
@@ -532,13 +532,13 @@
if (call_address.Find ("+type=directory") != P_MAX_INDEX) {
- gm_main_window_flash_message (main_window, _("User not found"));
+ gm_main_window_flash_message (main_window, "%s", _("User not found"));
call_history_item->end_reason = g_strdup (_("User not found"));
endpoint->SetCallingState (GMManager::Standby);
}
else {
- gm_main_window_flash_message (main_window, _("Failed to call user"));
+ gm_main_window_flash_message (main_window, "%s", _("Failed to call user"));
call_history_item->end_reason = g_strdup (_("Failed to call user"));
}
Index: manager.cpp
===================================================================
--- manager.cpp (revision 4825)
+++ manager.cpp (revision 4826)
@@ -715,7 +715,7 @@
gnomemeeting_threads_enter ();
msg = g_strdup_printf (_("Forwarding call to %s"),
(const char*) forward_party);
- gm_main_window_flash_message (main_window, msg);
+ gm_main_window_flash_message (main_window, "%s", msg);
gm_history_window_insert (history_window, msg);
gnomemeeting_threads_leave ();
g_free (msg);
@@ -873,7 +873,7 @@
/* Update the log and status bar */
msg = g_strdup_printf (_("Call from %s"), (const char *) utf8_name);
gnomemeeting_threads_enter ();
- gm_main_window_flash_message (main_window, msg);
+ gm_main_window_flash_message (main_window, "%s", msg);
gm_chat_window_push_info_message (chat_window, NULL, msg);
gm_history_window_insert (history_window, msg);
gnomemeeting_threads_leave ();
@@ -913,7 +913,7 @@
/* Display the action message */
gnomemeeting_threads_enter ();
if (short_reason)
- gm_main_window_flash_message (main_window, short_reason);
+ gm_main_window_flash_message (main_window, "%s", short_reason);
if (long_reason)
gm_history_window_insert (history_window, long_reason);
gnomemeeting_threads_leave ();
@@ -1061,7 +1061,7 @@
msg = g_strdup_printf (_("Connected with %s"), utf8_name);
gm_main_window_set_status (main_window, utf8_name);
gm_main_window_set_panel_section (main_window, CALL);
- gm_main_window_flash_message (main_window, msg);
+ gm_main_window_flash_message (main_window, "%s", msg);
gm_chat_window_push_info_message (chat_window, NULL, msg);
gm_main_window_update_calling_state (main_window, GMManager::Connected);
gm_chat_window_update_calling_state (chat_window,
@@ -1351,7 +1351,7 @@
gm_calls_history_item_free (call_history_item);
gm_history_window_insert (history_window, msg_reason);
- gm_main_window_flash_message (main_window, msg_reason);
+ gm_main_window_flash_message (main_window, "%s", msg_reason);
gm_chat_window_push_info_message (chat_window, NULL, "");
gnomemeeting_threads_leave ();
Index: sip.cpp
===================================================================
--- sip.cpp (revision 4825)
+++ sip.cpp (revision 4826)
@@ -319,7 +319,7 @@
#endif
gm_history_window_insert (history_window, msg);
- gm_main_window_flash_message (main_window, msg);
+ gm_main_window_flash_message (main_window, "%s", msg);
if (endpoint.GetCallingState() == GMManager::Standby)
gm_main_window_set_account_info (main_window,
endpoint.GetRegisteredAccounts());
--- End Message ---
--- Begin Message ---
Source: ekiga
Source-Version: 2.0.3-2.1
We believe that the bug you reported is fixed in the latest version of
ekiga, which is due to be installed in the Debian FTP archive:
ekiga_2.0.3-2.1.diff.gz
to pool/main/e/ekiga/ekiga_2.0.3-2.1.diff.gz
ekiga_2.0.3-2.1.dsc
to pool/main/e/ekiga/ekiga_2.0.3-2.1.dsc
ekiga_2.0.3-2.1_i386.deb
to pool/main/e/ekiga/ekiga_2.0.3-2.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Zobel-Helas <[EMAIL PROTECTED]> (supplier of updated ekiga package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 26 Feb 2007 23:35:33 +0100
Source: ekiga
Binary: ekiga
Architecture: source i386
Version: 2.0.3-2.1
Distribution: unstable
Urgency: high
Maintainer: Kilian Krause <[EMAIL PROTECTED]>
Changed-By: Martin Zobel-Helas <[EMAIL PROTECTED]>
Description:
ekiga - H.323 and SIP compatible VOIP client
Closes: 411944
Changes:
ekiga (2.0.3-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* NMU to apply patch from BTS to fix CVE 2007-1006 (Closes: #411944)
Files:
a56b9ca253ac03ea9c5fc1a74b203e0a 1724 gnome optional ekiga_2.0.3-2.1.dsc
e888653aa60de385420e63b4ae1c4946 11777 gnome optional ekiga_2.0.3-2.1.diff.gz
0bbbb191d00d9732f905c131fa978062 5497132 gnome optional
ekiga_2.0.3-2.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF42gGST77jl1k+HARAvrYAKDbkWtNy4/Cnb4lYed4o4y8d1/fUwCeJtsh
ettn8wAuSz67cdEIA02oosU=
=7yoO
-----END PGP SIGNATURE-----
--- End Message ---
