# HG changeset patch # User Richard Laager # Date 1122326414 0 # Node ID f068eaabe332247816309f65c42aa0c3682b1637 # Parent 339b61819edcaee9c5389ddccad45527b2d6dbf1 [gaim-migrate @ 13242] Patch submitted to gaim-devel... "Marcin Owsiany sent you a draft advisory regarding multiple libgadu vulnerabilities. "Fortunately" gaim contains an extremely old version of libgadu and is affected only by memory alignment bug, which cannot be exploited on x86. No other critical vulnerabilities are known in gaim's version of libgadu. You'll find the patch in attachment. Regards, Wojtek Kaniewski ekg/libgadu maintainer" committer: Tailor Script diff -r 339b61819edc -r f068eaabe332 src/protocols/gg/libgg.c --- a/src/protocols/gg/libgg.c Mon Jul 25 19:36:44 2005 +0000 +++ b/src/protocols/gg/libgg.c Mon Jul 25 21:20:14 2005 +0000 @@ -1086,8 +1086,11 @@ e->event.status60.descr = buf; - if (len > 4 && p[h->length - 5] == 0) - e->event.status60.time = *((int*) (p + h->length - 4)); + if (len > 4 && p[h->length - 5] == 0) { + uint32_t t; + memcpy(&t, p + h->length - 4, sizeof(uint32_t)); + e->event.status60.time = t; + } } break;