ekg (1:1.7~rc2-2) unstable; urgency=high

  * Security upload, for sid and etch
  * Patched three medium severity security issues in src/events.c:
    - CVE-2007-1663 A memory leak in handling image messages, which may cause
      memory exhaustion resulting in a DoS (ekg program crash). Exploitable by
      a hostile GG user.
    - CVE-2007-1664 off-by-one in token OCR function, which may cause a null
      pointer dereference resulting in a DoS (ekg program crash). Exploitable
      by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG
      server.
    - CVE-2007-1665 potential memory exhaust in token OCR function, which may
      cause memory exhaustion resulting in a DoS (ekg program crash).
      Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a
      hostile GG server.

 -- Michael Bienia <email address hidden>  Wed, 28 Mar 2007 14:16:11 +0100