several vulnerabilities
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ekg (Ubuntu) | Fix Released | Low | Unassigned |
Breezy | Invalid | Low | Kees Cook |
Dapper | Invalid | Low | Kees Cook |
Edgy | Invalid | Low | Kees Cook |
Feisty | Fix Released | Low | Unassigned |
Bug Description
Binary package hint: ekg
Please sync ekg (1:1.7~rc2-2) from Debian unstable (main).
The Ubuntu package has no changes.
The package builds cleanly in a feisty pbuilder.
Changelog:
ekg (1:1.7~rc2-2) unstable; urgency=high

  * Security upload, for sid and etch
  * Patched three medium severity security issues in src/events.c:
    - CVE-2007-1663 A memory leak in handling image messages, which may cause
      memory exhaustion resulting in a DoS (ekg program crash). Exploitable by
      a hostile GG user.
    - CVE-2007-1664 off-by-one in token OCR function, which may cause a null
      pointer dereference resulting in a DoS (ekg program crash). Exploitable
      by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG
      server.
    - CVE-2007-1665 potential memory exhaust in token OCR function, which may
      cause memory exhaustion resulting in a DoS (ekg program crash).
      Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a
      hostile GG server.

 -- Marcin Owsiany <email address hidden>  Mon, 26 Mar 2007 18:53:19 +0100
Changed in ekg:
status: Unconfirmed → Confirmed
This needs a full update breezy through feisty. Debian's update appears to only be the security updates.