[Secure-testing-team] Bug#684121: libotr2: Buffer overflows in libotr
Göran Weinholt
goran at weinholt.se
Tue Aug 7 07:42:03 UTC 2012
Package: libotr2
Version: 3.2.0-4
Severity: grave
Tags: security upstream
Justification: user security hole
libotr contains buffer overflows in a few base64 decoding functions:
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html
Fixes for the bugs are available from git:
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libotr2 depends on:
ii libc6 2.13-33
ii libgcrypt11 1.5.0-3
libotr2 recommends no packages.
Versions of packages libotr2 suggests:
ii libotr2-bin 3.2.0-4
-- no debconf information
More information about the Secure-testing-team
mailing list