1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3492-2] gajim regression update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Feb 28 12:10:01 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3492-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gajim
    Debian Bug : 816158

    The wheezy part of the previous gajim update, DSA-3492-1, was
    incorrectly built resulting in an unsatisfiable dependency. This update corrects that problem. For reference, the original advisory text
    follows.

    Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber
    client. Gajim didn't verify the origin of roster update, allowing an
    attacker to spoof them and potentially allowing her to intercept
    messages.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 0.15.1-4.1+deb7u2.

    We recommend that you upgrade your gajim packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJW0tQFAAoJEAVMuPMTQ89EGVUP/2cWsnn9rzv7aodGQ9S+5gml gN+2NpsfsWIo8D0m8As9cZUqJG72NbWOyjc/IbORiyCzVcTt9NsVVNZd1Pbf7ThU C6hK1WQIDZUOETerlLD3Ai6upLm9cOqjtAQwiKFdwDH40U9BSst3wMk1vxvcjRxa 6i6CHCdsRKw7XJ+K9WolptblqAEz1FtTltWyxoCuDKDYoJfWmA90aJYWOYbHnprb eCFCu6/EPmnz3k2L257uf1bBQojuOQupLgpQFaGJ7QaAgDTw15As4l8fSZPt4wMu nwj8cU5m/JluQUigw+6bk6GrfFhRm6iNXx2chC50D+gYi4hHxejj/rFLcqKPpi6S 7O1nXrRzLa1X8YTPME6Gw1cpsKmy1nhK2OJbDhBvNbjxIK5XBRDsxiz0vmJg7PsR 9513DR0VVb2D1Jfr1lnsZFH8K6S8bMcP0NZWtnt95WDlesjANBXOBQU8M4Whl3RJ 8S2RGcJSikyejA+C5eAG9c0ESGkb0lnSn7vMLTbi+AKo6cG1WT0aVYDBRNj4oiZO jeAcIB7+aey9rvNvLFsNJE+Lh2kDXZQ3Zsl1BAtcuzbNimEXcfuufqatR5OO3h3D pO/mH7yw4/uCZt37I2ESyAgRczv2PW+Hj5aI4uOKtjoaDTb2BkbzZgWHqnVw53dl CKP4SaFLyz06KznV+Vcr
    =i0Lp
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)