oss-sec mailing list archives
Re: CVE request - libgadu
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 29 Oct 2008 10:22:36 +0100
On Tue, 28 Oct 2008 11:23:56 +0100 Tomas Hoger <thoger () redhat com> wrote:
> New upstream libgadu version 1.8.2 is marked as security update and seems to fix a buffer over-read flaw:
>
> http://toxygen.net/libgadu/releases/1.8.2.html
> https://bugzilla.redhat.com/show_bug.cgi?id=468830
> https://admin.fedoraproject.org/updates/libgadu-1.8.2-1.fc9

Just for the future reference:

CVE-2008-4776: libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.

--
Tomas Hoger / Red Hat Security Response Team
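The bug class named in the CVE text above, a server-declared description length that exceeds the data actually received, shown as an added example that is not part of the original message and is not libgadu code. The record layout, function names and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout, NOT libgadu's wire format:
 * bytes 0..3 = description length (little-endian), bytes 4.. = description. */
#define DESCR_HDR 4u
/* Constructed sample packets; sample_bad declares 65535 bytes but carries 2. */
static const uint8_t sample_ok[]  = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t sample_bad[] = { 0xff, 0xff, 0, 0, 'h', 'i' };

static size_t rd_le32(const uint8_t *p)
{
    return (size_t)p[0] | ((size_t)p[1] << 8) |
           ((size_t)p[2] << 16) | ((size_t)p[3] << 24);
}

/* Over-read pattern, shown for contrast: only the destination is guarded;
 * the declared length is never compared with the bytes actually received. */
long descr_copy_unchecked(const uint8_t *pkt, char *out, size_t out_cap)
{
    size_t n = rd_le32(pkt);
    if (n >= out_cap) n = out_cap - 1;
    memcpy(out, pkt + DESCR_HDR, n);   /* may read past the end of pkt */
    out[n] = '\0';
    return (long)n;
}

/* Hardened form: returns the description length, or -1 for a malformed record. */
long descr_copy_checked(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap)
{
    size_t n;
    if (pkt_len < DESCR_HDR || out_cap == 0)
        return -1;                     /* length header itself is truncated */
    n = rd_le32(pkt);
    if (n > pkt_len - DESCR_HDR || n >= out_cap)
        return -1;                     /* length exceeds received data or buffer */
    memcpy(out, pkt + DESCR_HDR, n);
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    char buf[64];
    printf("ok=%ld\n", descr_copy_checked(sample_ok, sizeof sample_ok, buf, sizeof buf));
    printf("bad=%ld\n", descr_copy_checked(sample_bad, sizeof sample_bad, buf, sizeof buf));
    return 0;
}
```

The comparison is written as `n > pkt_len - DESCR_HDR` after the header-size check, so neither side of it can wrap around.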