65263 – security issues in gaim 0.57

Bug 65263 - security issues in gaim 0.57

Summary: security issues in gaim 0.57

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	gaim
Sub Component:
Version:	7.3
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Christopher Blizzard
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-05-21 06:05 UTC by Matt Selsky
Modified:	2008-05-01 15:38 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2002-08-06 07:12:08 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2002:098	normal	SHIPPED_LIVE	: Updated gaim client fixes Jabber plug-in vulnerability	2002-05-22 04:00:00 UTC
Red Hat Product Errata	RHSA-2002:107	normal	SHIPPED_LIVE	: Updated gaim client fixes Jabber plug-in vulnerability (Powertools)	2002-06-04 04:00:00 UTC
Red Hat Product Errata	RHSA-2002:122	normal	SHIPPED_LIVE	Important: gaim security update	2002-06-20 04:00:00 UTC

Description Matt Selsky 2002-05-21 06:05:14 UTC

The gaim project has released version 0.58 to fix security problems in 0.57
including:

 * Bug-fix for potential buffer overflow in Jabber plugin. (Thanks, rwscott)
 * Tempfiles used for secure MSN/HotMail login (added in 0.57) are now
themselves created securely.

See http://gaim.sourceforge.net/ChangeLog for the complete change log.

This should be fixed since versions <=0.57 contained several bugfixes which
would be nice to have in place.

Comment 1 Warren Togami 2002-05-22 10:38:55 UTC

When this is fixed, please also apply the htmlview default patch in Bug 63115 in
order to fix that minor bug.

Comment 2 Mark J. Cox 2002-05-22 10:49:38 UTC

Just a note that the "Tempfiles used for secure MSN/HotMail login (added in
0.57) are now themselves created securely." issue only affects version 0.57 of
gaim (verified) and therefore does not affect the versions of gaim that we have
shipped in Red Hat Linux releases.

Comment 3 Warren Togami 2002-07-10 12:00:02 UTC

Fixed, 0.59 is in Limbo beta.
Close?

Comment 4 Matt Selsky 2002-07-10 15:55:14 UTC

Sounds good to me.  Thanks, guys.

Comment 5 Christopher Blizzard 2002-07-10 16:17:04 UTC

Waiting for errata.

Comment 6 Mark J. Cox 2002-08-06 07:12:08 UTC

An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2002-107.html

Note You need to log in before you can comment on or make changes to this bug.