- Committer: Bazaar Package Importer
- Author(s): Marcin Owsiany
- Date: 2007-03-26 18:53:19 UTC
- Revision ID: james.westby@ubuntu.com-20070326185319-t7k3eogvvoe33elm

Tags: 1:1.7~rc2-2
* Security upload, for sid and etch
* Patched three medium severity security issues in src/events.c:
  - CVE-2007-1663 A memory leak in handling image messages, which may cause
    memory exhaustion resulting in a DoS (ekg program crash). Exploitable by
    a hostile GG user.
  - CVE-2007-1664 off-by-one in token OCR function, which may cause a null
    pointer dereference resulting in a DoS (ekg program crash). Exploitable
    by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG
    server.
  - CVE-2007-1665 potential memory exhaust in token OCR function, which may
    cause memory exhaustion resulting in a DoS (ekg program crash).
    Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a
    hostile GG server.