Subject: CVS commit: pkgsrc/chat/gaim
To: None <pkgsrc-changes@NetBSD.org>
From: Marc Recht <recht@netbsd.org>
List: pkgsrc-changes
Date: 01/27/2004 01:24:52
Module Name:	pkgsrc
Committed By:	recht
Date:		Tue Jan 27 01:24:52 UTC 2004

Modified Files:
	pkgsrc/chat/gaim: Makefile distinfo
	pkgsrc/chat/gaim/patches: patch-aa
Added Files:
	pkgsrc/chat/gaim/patches: patch-ab patch-ac patch-ad

Log Message:
12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise.
The 12 identified problems range from simple standard stack overflows, over heap overflows to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging some of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement and MIM attacks on ordinary TCP sessions are a fairly simple task.

Please see http://security.e-matters.de/advisories/012004.html
for more details.

Apply the fix posted in that advisory (originally by the FreeBSD security
team) and bump PKGREVISION to 1.


To generate a diff of this commit:
cvs rdiff -r1.50 -r1.51 pkgsrc/chat/gaim/Makefile
cvs rdiff -r1.37 -r1.38 pkgsrc/chat/gaim/distinfo
cvs rdiff -r1.16 -r1.17 pkgsrc/chat/gaim/patches/patch-aa
cvs rdiff -r0 -r1.6 pkgsrc/chat/gaim/patches/patch-ab
cvs rdiff -r0 -r1.5 pkgsrc/chat/gaim/patches/patch-ac
cvs rdiff -r0 -r1.1 pkgsrc/chat/gaim/patches/patch-ad

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.