[ubuntu/natty-security] gajim, gajim_0.13.4-3ubuntu2.1_amd64_translations.tar.gz, gajim_0.13.4-3ubuntu2.1_powerpc_translations.tar.gz, gajim_0.13.4-3ubuntu2.1_i386_translations.tar.gz, gajim_0.13.4-3ubuntu2.1_armel_translations.tar.gz 0.13.4-3ubuntu2.1 (Accepted)
Julian Taylor
jtaylor at ubuntu.com
Mon May 14 18:03:32 UTC 2012
gajim (0.13.4-3ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: assisted code execution (LP: #992618)
- debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
shell escape via crafted messages
https://trac.gajim.org/changeset/bc296e96ac10
- CVE-2012-2085
* SECURITY UPDATE: sql injection in logging code (LP: #992618)
- debian/patches/CVE-2012-2086.patch: use a prepared statement
https://trac.gajim.org/changeset/bfd5f94489d8
- CVE-2012-2086
* SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
- debian/patches/CVE-2012-2093.patch: use safe tmpfile functions
when converting LaTeX IM messages to png images
Thanks to Nico Golde
- CVE-2012-2093
Date: Thu, 10 May 2012 17:48:45 -0700
Changed-By: Julian Taylor <jtaylor at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/gajim/0.13.4-3ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Thu, 10 May 2012 17:48:45 -0700
Source: gajim
Binary: gajim
Architecture: source
Version: 0.13.4-3ubuntu2.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Taylor <jtaylor at ubuntu.com>
Description:
gajim - Jabber client written in PyGTK
Launchpad-Bugs-Fixed: 992613 992618
Changes:
gajim (0.13.4-3ubuntu2.1) natty-security; urgency=low
.
* SECURITY UPDATE: assisted code execution (LP: #992618)
- debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
shell escape from via crafted messages
https://trac.gajim.org/changeset/bc296e96ac10
- CVE-2012-2085
* SECURITY UPDATE: sql injection in logging code (LP: #992618)
- debian/patches/CVE-2012-2086.patch: use a prepated statement
https://trac.gajim.org/changeset/bfd5f94489d8
- CVE-2012-2086
* SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
- debian/patches/CVE-2012-2093.patch: use safe tmpfile functions
when convering LaTeX IM messages to png images
Thanks to Nico Golde
- CVE-2012-2093
Checksums-Sha1:
cf2b9cb7c712b3eb8a830d447b09cfab5ce5b082 2029 gajim_0.13.4-3ubuntu2.1.dsc
9249a38ce14f0b4e61d3f1b19bb805093c82d216 17047 gajim_0.13.4-3ubuntu2.1.diff.gz
Checksums-Sha256:
181bb527bb23842a78cc8c2e600ffbdcfc92293c768abbe85f3ef407f8099b62 2029 gajim_0.13.4-3ubuntu2.1.dsc
0b97e6203d7d60ac72d8ddf01fd181ac0065883fe0db00e55b01b5fdb5110e11 17047 gajim_0.13.4-3ubuntu2.1.diff.gz
Files:
0ecc82e88046212623ddded8cd2aeb36 2029 net optional gajim_0.13.4-3ubuntu2.1.dsc
9410925cff70d27beff18e82e88b2747 17047 net optional gajim_0.13.4-3ubuntu2.1.diff.gz
Original-Maintainer: Yann Leboulanger <asterix at lagaule.org>