| Name | CVE-2005-2369 |
| Description | Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-813-1, DTSA-2-1 |
| Debian Bugs | 323185, 350071 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| centericq | source | woody | (not affected) | DSA-813-1 | ||
| centericq | source | sarge | 4.20.0-1sarge2 | DSA-813-1 | ||
| centericq | source | etch | 4.20.0-8etch1 | medium | DTSA-2-1 | |
| centericq | source | (unstable) | 4.20.0-9 | medium | 323185 | |
| ekg | source | sarge | (not affected) | |||
| ekg | source | (unstable) | 1:1.5+20050712+1.6rc2-1 | medium | ||
| gaim | source | woody | (not affected) | |||
| gaim | source | sarge | (not affected) | |||
| gaim | source | (unstable) | 1:1.5.0-1 | medium | 350071 |
[woody] - gaim <not-affected> (affected code libgadu not present in woody)
[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
The fixes from centericq for integer overflows are all present in ekg from stable