Ubuntu
ekiga package

FTBFS (pull new upstream?)

Bug #86910 reported by Kees Cook
6
Affects Status Importance Assigned to Milestone
ekiga (Ubuntu)
Fix Released
High
Kees Cook

Bug Description

Binary package hint: ekiga

After the upload of pwlib 1.10.3, ekiga FTBFS, since it is hard-coded to require 1.10.2.

If the new upstream is pulled (2.0.5), then the critical vulns against the feisty package can be closed too. (See linked CVEs)

Revision history for this message
Kees Cook (kees) wrote :

Here's the patch to fix the CVE. (I didn't open a second bug because if the FTBFS is fixed without a version bump, I need to see this debdiff go in at the same time too...)

Changed in ekiga:
importance: Undecided → High
status: Unconfirmed → Confirmed
Revision history for this message
Kees Cook (kees) wrote :

Gah. LP won't link to the CVE (the CVE is too new):

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006

Revision history for this message
Daniel Holbach (dholbach) wrote :

We definitely should get in the new opal and new ekiga - as it's part of the GNOME release, we don't even need a UVF exception.

I just had trouble making the new opal build, preserve the compatibility symlinks (gar!), have the debug packages still working, etc.

I'll try again and maybe take a look at buildserver.net - but I'd appreciate people helping out. (https://lists.ubuntu.com/archives/ubuntu-devel/2007-February/023292.html)

Revision history for this message
Kees Cook (kees) wrote :

Closing this, since ekiga was just patched to handle the newer pwlib instead, and has security fixes patched as well.

Changed in ekiga:
assignee: nobody → keescook
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.