Download
| Alert*
oval:org.secpod.oval:def:602391
The wheezy part of the previous gajim update, DSA-3492-1, was incorrectly built resulting in an unsatisfiable dependency. This update corrects that problem. For reference, the original advisory text follows. Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber client. Gajim didn"t veri ... oval:org.secpod.oval:def:602392 Daniel Gultsch discovered in Gajim, an XMPP/jabber client. Gajim didn"t verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages. oval:org.secpod.oval:def:110048 Gajim is a Jabber client written in PyGTK. The goal of Gajim"s developers is to provide a full featured and easy to use xmpp client for the GTK+ users. Gajim does not require GNOME to run, even though it exists with it nicely. oval:org.secpod.oval:def:601488 gajim is installed oval:org.secpod.oval:def:600781 It was discovered that the last security update for gajim, DSA-2453-1, introduced a regression in certain environments. oval:org.secpod.oval:def:600780 Several vulnerabilities have been discovered in gajim, a feature-rich jabber client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-1987 gajim is not properly sanitizing input before passing it to shell commands. An attacker can use this flaw to execute ... oval:org.secpod.oval:def:110022 gajim is installed oval:org.secpod.oval:def:110021 Gajim is a Jabber client written in PyGTK. The goal of Gajim"s developers is to provide a full featured and easy to use xmpp client for the GTK+ users. Gajim does not require GNOME to run, even though it exists with it nicely. oval:org.secpod.oval:def:112468 Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is to provide a full featured and easy to use xmpp client for the GTK+ users. Gajim does not require GNOME to run, even though it exists with it nicely. oval:org.secpod.oval:def:112466 Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is to provide a full featured and easy to use xmpp client for the GTK+ users. Gajim does not require GNOME to run, even though it exists with it nicely. oval:org.secpod.oval:def:603056 Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the XEP-0146: Remote Controlling Clients extension, allowing a malicious XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update XEP-0146 support has been disabled by default and made o ... oval:org.secpod.oval:def:1900535 Gajim through 0.16.7 unconditionally implements the "XEP-0146: RemoteControlling Clients" extension. This can be abused by malicious XMPPservers to, for example, extract plaintext from OTR encrypted sessions. |