[ubuntu/oneiric-security] gajim 0.14.1-1ubuntu1.1 (Accepted)

Julian Taylor jtaylor at ubuntu.com
Mon May 14 18:03:17 UTC 2012


gajim (0.14.1-1ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: assisted code execution (LP: #992618)
    - debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
      shell escape via crafted messages
      https://trac.gajim.org/changeset/bc296e96ac10
    - CVE-2012-2085
  * SECURITY UPDATE: sql injection in logging code (LP: #992618)
    - debian/patches/CVE-2012-2086.patch: use a prepared statement
      https://trac.gajim.org/changeset/bfd5f94489d8
    - CVE-2012-2086
  * SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
    - debian/patches/CVE-2012-2093.patch: use safe tmpfile functions
      when converting LaTeX IM messages to png images
      Thanks to Nico Golde
    - CVE-2012-2093

Date: Thu, 10 May 2012 17:48:34 -0700
Changed-By: Julian Taylor <jtaylor at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/gajim/0.14.1-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Thu, 10 May 2012 17:48:34 -0700
Source: gajim
Binary: gajim
Architecture: source
Version: 0.14.1-1ubuntu1.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Taylor <jtaylor at ubuntu.com>
Description: 
 gajim      - Jabber client written in PyGTK
Launchpad-Bugs-Fixed: 992613 992618
Changes: 
 gajim (0.14.1-1ubuntu1.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: assisted code execution (LP: #992618)
     - debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
       shell escape via crafted messages
       https://trac.gajim.org/changeset/bc296e96ac10
     - CVE-2012-2085
   * SECURITY UPDATE: sql injection in logging code (LP: #992618)
     - debian/patches/CVE-2012-2086.patch: use a prepared statement
       https://trac.gajim.org/changeset/bfd5f94489d8
     - CVE-2012-2086
   * SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
     - debian/patches/CVE-2012-2093.patch: use safe tmpfile functions
       when converting LaTeX IM messages to png images
       Thanks to Nico Golde
     - CVE-2012-2093
Checksums-Sha1: 
 793f144d5697a9124913bf4c2d75b5df493052aa 1950 gajim_0.14.1-1ubuntu1.1.dsc
 5f49669f918ca35a6a28c63377c1fbee25b8ed9d 68103 gajim_0.14.1-1ubuntu1.1.debian.tar.gz
Checksums-Sha256: 
 e75f3d603b25bb7f8b711eafc3270a1df78121c031082dade0e219df936114b2 1950 gajim_0.14.1-1ubuntu1.1.dsc
 e94fa87ad65abb679e17d02d6b3f80c486fb4f7b49a993835784d163c44af4f3 68103 gajim_0.14.1-1ubuntu1.1.debian.tar.gz
Files: 
 475cfbbd2bbc17ea926a9a8d1336ecd0 1950 net optional gajim_0.14.1-1ubuntu1.1.dsc
 f9620f4b1603b089710eb4637ff66da0 68103 net optional gajim_0.14.1-1ubuntu1.1.debian.tar.gz
Original-Maintainer: Yann Leboulanger <asterix at lagaule.org>

