close 319443 4:3.3.2-5 thanks * Moritz Muehlenhoff [Fri, 22 Jul 2005 07:44:30 +0200]:
> Package: kopete > Severity: normal > Kopete embeds a copy of the gadu library, which is vulnerable to > remotely exploitable integer overflows. Judging from the original KDE > advisory the embedded version is only used as a fallback. As there's > a dependency on Debian's libgadu, which has already been fixed Kopete > is probably not directly affected. If this should not be the case please > bump the urgency. As you say, kopete in Debian dynamically links against libgadu instead of using its internal copy. This was not true for a while in the recent past, but the fix uploaded on 2005-05-24 [1] did make into sarge. [1] http://lists.debian.org/debian-devel-changes/2005/05/msg01450.html I'm closing the bug, but thanks for reporting. > Original advisory: > http://www.kde.org/info/security/advisory-20050721-1.txt -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Never let your sense of morals get in the way of doing what's right. -- Isaac Asimov -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]