Ubuntu
gajim package

  1. Bug #992618
  2. Comment #5

Comment 5 for bug 992618

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gajim - 0.14.1-1ubuntu1.1

---------------
gajim (0.14.1-1ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: assisted code execution (LP: #992618)
    - debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
      shell escape from via crafted messages
      https://trac.gajim.org/changeset/bc296e96ac10
    - CVE-2012-2085
  * SECURITY UPDATE: sql injection in logging code (LP: #992618)
    - debian/patches/CVE-2012-2086.patch: use a prepated statement
      https://trac.gajim.org/changeset/bfd5f94489d8
    - CVE-2012-2086
  * SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
    - debian/patches/CVE-2012-2093.patch: use safe tmpfile functions
      when convering LaTeX IM messages to png images
      Thanks to Nico Golde
    - CVE-2012-2093
 -- Julian Taylor <email address hidden> Thu, 10 May 2012 17:48:34 -0700