|Description||Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||high (attack range: remote)|
|Debian Bugs||323185, 350071|
Vulnerable and fixed packages
The table below lists information on source packages.
|buster, sid, stretch||1:1.9~pre+r2855-5||fixed|
The information below is based on the following data on fixed versions.
[woody] - gaim <not-affected> (affected code libgadu not present in woody)
[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
The fixes from centericq for integer overflows are all present in ekg from stable