CVE-2012-1410

Bug #948112 reported by Patryk Cisek
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| kadu (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Natty | Won't Fix | Undecided | Unassigned | |
| Oneiric | Won't Fix | Undecided | Unassigned | |

Bug Description

Recently a security issue's been reported to Kadu (one of the packages I maintain in Debian). Please see more about the issue here:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1410

It's been fixed in the newest upstream release -- 0.11.1. It's been uploaded to Debian Sid and has already migrated to Testing. Because of the bug fix, it has also been synced to Ubuntu Precise past the Feature Freeze. All versions of Kadu starting with 0.9.0 and earlier than 0.11.1 are affected.

Versions in Ubuntu affected by the bug:
Oneiric (0.9.2-2)
Natty (0.9.0-1)

The commit that fixes the bugs upstream is the following:
https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52

Due to the bug, additional hardening has also been committed, but these are not actual fixes for the bug:
https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84
https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6
https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0

Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

visibility: private → public
Changed in kadu (Ubuntu):
status: New → Confirmed
Fabrice Coutadeur (fabricesp) wrote :

Fixed in Precise with 0.11.1.

Changed in kadu (Ubuntu):
status: Confirmed → Fix Released
Changed in kadu (Ubuntu Oneiric):
status: New → Confirmed
Changed in kadu (Ubuntu Natty):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against natty is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in kadu (Ubuntu Natty):
status: Confirmed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against oneiric is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in kadu (Ubuntu Oneiric):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
