Please sync tintin++ 1.97.9-2 (universe) from Debian unstable (main).

Bug #208993 reported by William Grant
Affects: tintin++ (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned
Milestone:

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/tintin++
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync tintin++ 1.97.9-2 (universe) from Debian unstable (main).

The FFe is in bug #208618.

Changelog since current hardy version 1.97.8-1:

tintin++ (1.97.9-2) unstable; urgency=high

  * Add secutity.patch fixing the following security bugs:
  - CVE-2008-0671:
    Stack-based buffer overflow in the add_line_buffer function allows
    remote attackers to execute arbitrary code via a long chat message,
    related to conversion from LF to CRLF.
  - CVE-2008-0672:
    The process_chat_input function allows remote attackers to cause a
    denial of service (application crash) via a YES message without a newline
    character, which triggers a NULL dereference.
  - CVE-2008-0673:
    TinTin++ opens files on the basis of an inbound file-transfer request, before
    the user has an opportunity to decline the request, which allows remote
    attackers to truncate arbitrary files in the top level of a home directory.
    (Closes: #465643)

  * Add quilt support for patching.

 -- Ana Beatriz Guerrero Lopez <email address hidden> Mon, 10 Mar 2008 18:09:24 +0100

tintin++ (1.97.9-1) unstable; urgency=low

  * New upstream release.
  * Remove broken watch file.
  * Update to debhelper 6.
  * Convert copyright file to UTF-8.

 -- Ana Beatriz Guerrero Lopez <email address hidden> Sun, 10 Feb 2008 01:03:11 +0100

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH7r1MAc+S8KckfcURAmRNAJ4gSQcD1qqAGQAUiiWtN7+a06CIuwCeLv3j
w1MQmBJIQBH6W/gWx0OM2JY=
=MFdR
-----END PGP SIGNATURE-----

Steve Langasek (vorlon) wrote :

Getting binaries for hardy...
[Updating] tintin++ (1.97.8-1 [Ubuntu] < 1.97.9-2 [Debian])
 * Trying to add tintin++...
  - <tintin++_1.97.9-2.dsc: downloading from http://ftp.debian.org/debian/>
  - <tintin++_1.97.9-2.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <tintin++_1.97.9.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
I: tintin++ [universe] -> tintin++_1.97.8-1 [universe].

Changed in tintin++:
status: Confirmed → Fix Released