'www/info' - MARC

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    www/info
From:       Dirk Mueller <mueller () kde ! org>
Date:       2005-07-21 2:55:29
Message-ID: 1121914529.466323.8135.nullmailer () svn ! kde ! org
[Download RAW message or body]

SVN commit 437146 by mueller:

damn. KDE 3.2.3 is affected :(


 M  +7 -2      3.2.3.php  
 M  +13 -6     security/advisory-20050721-1.txt  


--- trunk/www/info/3.2.3.php #437145:437146
@@ -124,9 +124,14 @@
 <br>Read the <a href="security/advisory-20050718-1.txt">detailed advisory</a>.
 KDE 3.2.x up to including KDE 3.4.0 are affected.
 </li>
+<li>
+The Gadu-Gadu protocol handler of Kopete 3.3 and above contains a copy
+of libgadu, that is used if there is no system installed libgadu library.
+Multiple integer overflow vulnerabilities have been found in libgadu.
+<br>Read the <a href="security/advisory-20050721-1.txt">detailed advisory</a>.
+KDE 3.2.3 up to including KDE 3.4.1 are affected.
+</li>
 
-
-
 </ul>
 
 <h2><a name="bugs">Bugs</a></h2>
--- trunk/www/info/security/advisory-20050721-1.txt #437145:437146
@@ -12,11 +12,13 @@
 
 1. Systems affected:
 
-        All versions of Kopete as included in
-        KDE 3.3.x up to including 3.4.1. KDE 3.2.x and older
-        are not affected.
+        All versions of Kopete as included in KDE 3.2.3 up to including
+        KDE 3.4.1. KDE 3.2.2 and older are not affected.
 
+        Kopete 0.9.x releases starting with 0.9.4 and Kopete 0.10.3
+        or newer are unaffected.
 
+
 2. Overview:
 
 	Kopete contains a copy of libgadu that is used if
@@ -53,11 +55,16 @@
 
         73ebcef42173bf567d473414693898b0  post-3.3.2-kdenetwork-libgadu.patch
 
+        A patch for KDE 3.2.3 is available from
+        ftp://ftp.kde.org/pub/kde/security_patches :
 
+        69e3379085aeaeecf034468d18a900f6  post-3.2.3-kdenetwork-libgadu.patch
+
+
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.0 (GNU/Linux)
 
-iD8DBQFC3uf4vsXr+iuy1UoRAuttAKCn8JCEHHacoQRhi9li4INeKho2awCgn848
-8jtYgBYreyyqEeObXP2im3k=
-=wUq5
+iD8DBQFC3w5pvsXr+iuy1UoRAuAyAKC5MQPmvhpYiOtypx50dk7fkLCxWACgg0Lv
+XiS2yq32alcX2bEhEArot+Y=
+=FoUx
 -----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic