|
|
Subscribe / Log in / New account

Debian-LTS alert DLA-413-1 (gajim)



From:
    	      Brian May <bam@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 413-1] gajim security update 


Date:
    	      Tue, 9 Feb 2016 17:27:21 +1100


Message-ID:
    	      <20160209062721.GA8042@prune.linuxpenguins.xyz>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : gajim
Version        : 0.13.4-3+squeeze4
CVE ID         : CVE-2015-8688
Debian Bug     : 809900

Affected versions of gajim allow remote attackers to modify the roster
and intercept messages via a crafted roster-push IQ stanza.

This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4.
- -- 
Brian May <bam@debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWuYbJAAoJEJyE7hq50CY2ZDcP/1uZWuhWwScnxd7kqfBQUYp8
G8PSLTL5yJVWoPW32eDADuFP/7qsKcb7rMDhaAuBl4ZRs9BFCEN3l72qbpZTe6zW
xi2M9oABIJkvFvYG4UWFikF59tJcw/r0QlIu1dcMG/5UaAGhc7/KP8U8AGCbHrMP
HNpLCIs3DQnOyxCY6OPoQk/IykDOq9HTWe9jkRoid0oS4dhqG04zGTB9HwxhUhZY
/HK0XUCaa5EwIxUKkvZnxrRzG2HUt8C6jVyv6gZluXWojadJcnhMw7ENZgJQSZ2C
oBDS/hqSiLmT0I9W25Nz35BXqk10ds45TLBYahD3hO7grUewvZeAkEtZbpXujWRy
yOTgPyEujHKuhSi+3YNRGqOEx6Eldp/JXcTLpmReyecEUe7fpeZt8jouJFmNBkvm
YlzTj23MjTEuD4Hkdwh1wSphgJoUEggKVbIUFb2m0Suo0hQRwVHZ3hrf5RS4AHJw
E6RFjX95B8p6M1X5XCB8mZIOzNlVHqoTW0l5j6ZUSUwsr8wGP1OA5iQnQD3eUaoT
EXsErtsbN0obMZ4MXDvMKXFW7A6hpKHOawBcqt0VyRu3k8/yzSuaO+BwPhuAHbtC
8v7ZrLfAnIwRVcHSrmDuWmhAoJB35YsA5rnal1IHx7Wwtj1vgRljtSpn9FEonF8r
JkkFySsd6STAs/wq8nDK
=l0fB
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds