Debian Libgadu vulnerabilities

CVE-2014-3775 [HIGH] CVE-2014-3775: libgadu - libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other ... libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message. Scope: local bookworm: resolved (fixed in 1:1.12.0~rc3-1) bullseye: resolved (fixed in 1:1.12.0~rc3-1) forky: resolved (fixed in 1:

CVE-2013-6487 [HIGH] CVE-2013-6487: libgadu - Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) pars... Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. Scope: local bookworm: resolved (fixed in 1:1.11.3-1) bullseye: resolved (fixed in 1:1.11.3-1) forky: resolved (fixed in 1:1.11.3-1) sid: res

CVE-2013-4488 [MEDIUM] CVE-2013-4488: libgadu - libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which... libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2008-4776 [MEDIUM] CVE-2008-4776: libgadu - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) ... libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. Scope: local bookworm: resolved (fixed in 1:1.8.0+r592-3) bullseye: resolved (fixed in 1:1.8.0+r592-3) forky: resolved (fixed in 1:1.8.0+r592-3) sid: resolved (fixed in 1:1.8.0+r592-3) trixie: resolved (fix