gaim security update

CentOS Errata and Security Advisory CESA-2005:365

The Gaim application is a multi-protocol instant messaging client.

A buffer overflow bug was found in the way gaim escapes HTML. It is
possible that a remote attacker could send a specially crafted message to a
Gaim client, causing it to crash. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0965 to this issue.

A bug was found in several of gaim’s IRC processing functions. These
functions fail to properly remove various markup tags within an IRC
message. It is possible that a remote attacker could send a specially
crafted message to a Gaim client connected to an IRC server, causing it to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0966 to this issue.

A bug was found in gaim’s Jabber message parser. It is possible for a
remote Jabber user to send a specially crafted message to a Gaim client,
causing it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0967 to this issue.

In addition to these denial of service issues, multiple minor upstream
bugfixes are included in this update.

Users of Gaim are advised to upgrade to this updated package which contains
Gaim version 1.2.1 and is not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-April/073719.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073720.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073721.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073724.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073725.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073727.html

Affected packages:
gaim

Upstream details at:
https://access.redhat.com/errata/RHSA-2005:365