This bug was fixed in the package gajim - 0.13.4-3ubuntu2.1
---------------
gajim (0.13.4-3ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: assisted code execution (LP: #992618)
- debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
shell escape via crafted messages
https://trac.gajim.org/changeset/bc296e96ac10
- CVE-2012-2085
* SECURITY UPDATE: sql injection in logging code (LP: #992618)
- debian/patches/CVE-2012-2086.patch: use a prepared statement
https://trac.gajim.org/changeset/bfd5f94489d8
- CVE-2012-2086
* SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
- debian/patches/CVE-2012-2093.patch: use safe tmpfile functions
when converting LaTeX IM messages to png images
Thanks to Nico Golde
- CVE-2012-2093
-- Julian Taylor <[email protected]> Thu, 10 May 2012 17:48:45 -0700
** Changed in: gajim (Ubuntu Lucid)
Status: Confirmed => Fix Released
--
https://bugs.launchpad.net/bugs/992618
Title:
gajim code execution and sql injection