Please sync tintin++ 1.97.9-2 (universe) from Debian unstable (main).
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tintin++ (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/tintin++
status confirmed
importance wishlist
subscribe ubuntu-archive
Please sync tintin++ 1.97.9-2 (universe) from Debian unstable (main).
The FFe is in bug #208618.
Changelog since current hardy version 1.97.8-1:
tintin++ (1.97.9-2) unstable; urgency=high
* Add secutity.patch fixing the following security bugs:
- CVE-2008-0671:
Stack-based buffer overflow in the add_line_buffer function allows
remote attackers to execute arbitrary code via a long chat message,
related to conversion from LF to CRLF.
- CVE-2008-0672:
The process_chat_input function allows remote attackers to cause a
denial of service (application crash) via a YES message without a newline
character, which triggers a NULL dereference.
- CVE-2008-0673:
TinTin++ opens files on the basis of an inbound file-transfer request, before
the user has an opportunity to decline the request, which allows remote
attackers to truncate arbitrary files in the top level of a home directory.
(Closes: #465643)
* Add quilt support for patching.
-- Ana Beatriz Guerrero Lopez <email address hidden> Mon, 10 Mar 2008 18:09:24 +0100
tintin++ (1.97.9-1) unstable; urgency=low
* New upstream release.
* Remove broken watch file.
* Update to debhelper 6.
* Convert copyright file to UTF-8.
-- Ana Beatriz Guerrero Lopez <email address hidden> Sun, 10 Feb 2008 01:03:11 +0100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH7r1MAc+
w1MQmBJIQBH6W/
=MFdR
-----END PGP SIGNATURE-----
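The CVE-2008-0671 entry in the changelog above describes a bug class in which LF to CRLF conversion can emit up to twice as many bytes as it reads. The bounded conversion below is an added example, not TinTin++ source and not the Debian patch; the names lf_to_crlf and crlf_worst_case and the sample inputs are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Worst case: every input byte is a bare LF, so the output needs
 * 2 * src_len bytes plus the NUL. Returns 0 if that would overflow size_t. */
size_t crlf_worst_case(size_t src_len)
{
    return src_len > (SIZE_MAX - 1) / 2 ? 0 : 2 * src_len + 1;
}

/* Hypothetical helper (not TinTin++ source): copy src to dst, turning each
 * bare LF into CRLF. Returns bytes written excluding the NUL, or -1 if the
 * converted text does not fit in dst_size bytes. */
long lf_to_crlf(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    size_t out = 0;
    char prev = '\0';

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    for (size_t i = 0; i < src_len; i++) {
        char c = src[i];
        /* An LF not already preceded by CR grows by one byte. */
        size_t need = (c == '\n' && prev != '\r') ? 2 : 1;

        /* Compare against the space left, reserving one byte for the NUL. */
        if (need > dst_size - 1 - out) {
            dst[0] = '\0';   /* fail closed: no partial message */
            return -1;
        }
        if (need == 2)
            dst[out++] = '\r';
        dst[out++] = c;
        prev = c;
    }
    dst[out] = '\0';
    return (long)out;
}

int main(void)
{
    char buf[8];                          /* constructed sample inputs */
    printf("%ld\n", lf_to_crlf(buf, sizeof buf, "a\nb", 3));
    printf("%ld\n", lf_to_crlf(buf, sizeof buf, "\n\n\n\n", 4));
    printf("%zu\n", crlf_worst_case(4));
    return 0;
}
```

Sizing the destination from the input length alone is the mistake this guards against: four bare LFs need nine bytes, so the eight-byte buffer is rejected rather than overrun.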
Getting binaries for hardy...
+_1.97.9-2.dsc: downloading from http://ftp.debian.org/debian/>
+_1.97.9-2.diff.gz: downloading from http://ftp.debian.org/debian/>
+_1.97.9.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
[Updating] tintin++ (1.97.8-1 [Ubuntu] < 1.97.9-2 [Debian])
* Trying to add tintin++...
- <tintin+
- <tintin+
- <tintin+
I: tintin++ [universe] -> tintin++_1.97.8-1 [universe].