Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2007-4897

Published: 14 September 2007

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

Notes

AuthorNote
jdstrand 
pwlib is the source package for libpt*
rh has patch
not clear if openh323 is also affected, as openh323.org is currently down

Priority

Low

Status

Package Release Status
pwlib
Launchpad, Ubuntu, Debian 		dapper
Released (1.10.0-1ubuntu1.1)
edgy
Released (1.10.2.dfsg-0ubuntu3.1)
feisty
Released (1.10.3-0ubuntu1.1)
gutsy
Released (1.10.10-0ubuntu2.1)
upstream Needed

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading