Re: [TAF] wml://security/2011/dsa-2169.wml

2011-03-02 Пенетрантность Alexander Reshetov
On Wed, Mar 02, 2011 at 06:37:16PM +0300, Vladimir Zhbanov wrote: > On Wed, Mar 02, 2011 at 01:10:34AM +0200, Alexander Reshetov wrote: > ... > > > > It was discovered that telepathy-gabble, the Jabber/XMMP connection > > > > manager > > > > for the Telepathy framework, is processing google:jingle

Re: [TAF] wml://security/2011/dsa-2169.wml

2011-03-02 Пенетрантность Vladimir Zhbanov
On Wed, Mar 02, 2011 at 01:10:34AM +0200, Alexander Reshetov wrote: ... > > > It was discovered that telepathy-gabble, the Jabber/XMMP connection > > > manager > > > for the Telepathy framework, is processing google:jingleinfo updates > > > without > > > validating their origin. This may allow a

Re: [TAF] wml://security/2011/dsa-2169.wml

2011-03-01 Пенетрантность Alexander Reshetov
On Tue, Mar 01, 2011 at 01:45:35AM +0300, Vladimir Zhbanov wrote: > > insufficient input validation > Недостаточная проверка достоверности вводимых > данных недостаточная проверка вводимых данных Про достоверность далее скажется. > > > > It was discovered that telepathy-gabble, the Jabber/XMMP

Re: [TAF] wml://security/2011/dsa-2169.wml

2011-02-28 Пенетрантность Vladimir Zhbanov
On Fri, Feb 18, 2011 at 11:51:50PM +0200, Alexander Reshetov wrote: > insufficient input validation Недостаточная проверка достоверности вводимых данных > > It was discovered that telepathy-gabble, the Jabber/XMMP connection manager > for the Telepathy framework, is processing google:jingleinfo up

[TAF] wml://security/2011/dsa-2169.wml

2011-02-18 Пенетрантность Alexander Reshetov
insufficient input validation It was discovered that telepathy-gabble, the Jabber/XMMP connection manager for the Telepathy framework, is processing google:jingleinfo updates without validating their origin. This may allow an attacker to trick telepathy-gabble into relaying streamed media data th