[Bug 208993] [NEW] Please sync tintin++ 1.97.9-2 (universe) from Debian unstable (main).
William Grant
william at qeuni.net
Sat Mar 29 22:06:10 GMT 2008
Public bug reported:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/tintin++
status confirmed
importance wishlist
subscribe ubuntu-archive
Please sync tintin++ 1.97.9-2 (universe) from Debian unstable (main).
The FFe is in bug #208618.
Changelog since current hardy version 1.97.8-1:
tintin++ (1.97.9-2) unstable; urgency=high

  * Add secutity.patch fixing the following security bugs:
    - CVE-2008-0671:
      Stack-based buffer overflow in the add_line_buffer function allows
      remote attackers to execute arbitrary code via a long chat message,
      related to conversion from LF to CRLF.
    - CVE-2008-0672:
      The process_chat_input function allows remote attackers to cause a
      denial of service (application crash) via a YES message without a newline
      character, which triggers a NULL dereference.
    - CVE-2008-0673:
      TinTin++ open files on the basis of an inbound file-transfer request, before
      the user has an opportunity to decline the request, which allows remote
      attackers to truncate arbitrary files in the top level of a home directory.
    (Closes: #465643)
  * Add quilt support for patching.

 -- Ana Beatriz Guerrero Lopez <ana at debian.org>  Mon, 10 Mar 2008 18:09:24 +0100

tintin++ (1.97.9-1) unstable; urgency=low

  * New upstream release.
  * Remove broken watch file.
  * Update to debhelper 6.
  * Convert copyright file to UTF-8.

 -- Ana Beatriz Guerrero Lopez <ana at debian.org>  Sun, 10 Feb 2008 01:03:11 +0100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH7r1MAc+S8KckfcURAmRNAJ4gSQcD1qqAGQAUiiWtN7+a06CIuwCeLv3j
w1MQmBJIQBH6W/gWx0OM2JY=
=MFdR
-----END PGP SIGNATURE-----
** Affects: tintin++ (Ubuntu)
Importance: Wishlist
Status: Confirmed
--
Please sync tintin++ 1.97.9-2 (universe) from Debian unstable (main).
https://bugs.launchpad.net/bugs/208993
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.