thr3ads.net - Secure testing team - [Secure-testing-team] Bug#684121: libotr2: Buffer overflows in libotr [Aug 2012]

If this information is useful, please help other people find it:
Share via:

Göran Weinholt

2012-Aug-07 07:42 UTC

[Secure-testing-team] Bug#684121: libotr2: Buffer overflows in libotr

Package: libotr2
Version: 3.2.0-4
Severity: grave
Tags: security upstream
Justification: user security hole

libotr contains buffer overflows in a few base64 decoding functions:
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html

Fixes for the bugs are available from git:
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, ''testing'')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libotr2 depends on:
ii  libc6        2.13-33
ii  libgcrypt11  1.5.0-3

libotr2 recommends no packages.

Versions of packages libotr2 suggests:
ii  libotr2-bin  3.2.0-4

-- no debconf information

Secure testing team - Aug 2012 - Bug#684121: libotr2: Buffer overflows in libotr

[Secure-testing-team] Bug#684121: libotr2: Buffer overflows in libotr