Red Hat Bugzilla – Bug 153319
CAN-2005-0472 Gaim DoS
Last modified: 2007-11-30 17:06:54 EST
We initially thought CAN-2005-0472 didn't affect RHEL2.1. However, it does.
While looking at the package, I discovered that Patch0: gaim-0.59.1-args.patch
was not being applied by accident. It prevents an overflow into the command,
but it doesn't look like it had security implications. Not sure. Upstream has
22.214.171.124 "Thanks Chris Blizzard. I think that maybe in the future we'll make
Gaim not have any bugs."
It appears that upstream made several more 0.59.x maintenance releases after the
0.59.1 that we ship. The same spec that I checked into CVS works with 0.59.9
after removing patch0, which was included in 0.59.2. Should we ship 0.59.9
instead of 0.59.1 in RHEL2.1? You decide.
I am unable to test these binaries locally.
gaim-0.59.9-1.el2 has been mkerrata'ed. Let me know if you need anything else.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.