Ubuntu
gajim package

gajim: CVE-2012-2093 insecure temporary file creation in LaTeX support

Bug #992613 reported by Julian Taylor on 2012-05-01

This bug affects 1 person

	Status	Importance	Assigned to
gajim (Debian)	Fix Released	Unknown	debbugs #668710
gajim (Ubuntu)	Won't Fix	Undecided	Unassigned
Lucid	Fix Released	Medium	Julian Taylor
Natty	Fix Released	Low	Julian Taylor
Oneiric	Fix Released	Low	Julian Taylor

Bug Description

Imported from Debian bug http://bugs.debian.org/668710:

Package: gajim
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gajim.

CVE-2012-2093[0]:
It was discovered that gajim is insecurely creating predictable file names
when converting LaTeX to png images. An attacker can exploit this flaw to
overwrite files of the user with a symlink attack.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2093
http://security-tracker.debian.org/tracker/CVE-2012-2093

--
Nico Golde - http://www.ngolde.de - <email address hidden> - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Tags:

Related branches

lp:~jtaylor/ubuntu/lucid/gajim/multiple-CVE

Merged into lp:ubuntu/lucid/gajim

Ubuntu Development Team: Pending requested 2012-05-01

lp:~jtaylor/ubuntu/natty/gajim/multiple-CVE

Merged into lp:ubuntu/natty/gajim

Ubuntu branches: Pending requested 2012-05-01

lp:~jtaylor/ubuntu/oneiric/gajim/multiple-CVE

Merged into lp:ubuntu/oneiric/gajim

Ubuntu branches: Pending requested 2012-05-01

lp:ubuntu/natty-security/gajim

lp:ubuntu/lucid-security/gajim

lp:ubuntu/oneiric-security/gajim

CVE References

Revision history for this message

Julian Taylor (jtaylor) wrote on 2012-05-01:

not worth an upload for precise as it is mitigated by yama link restrictions, the other releases (especially lucid w/o yama) need uploads for more severe issues anyway so they get it.

Changed in gajim (Ubuntu):
status:	New → Won't Fix

Bug Watch Updater (bug-watch-updater) on 2012-05-01

Changed in gajim (Debian):
importance:	Undecided → Unknown
status:	New → Fix Released

Tyler Hicks (tyhicks) on 2012-05-09

Changed in gajim (Ubuntu Lucid):
status:	New → Incomplete
Changed in gajim (Ubuntu Oneiric):
status:	New → Incomplete
Changed in gajim (Ubuntu Natty):
status:	New → Incomplete
tags:	added: patch-needswork
Changed in gajim (Ubuntu Lucid):
importance:	Undecided → Low
Changed in gajim (Ubuntu Natty):
importance:	Undecided → Low
Changed in gajim (Ubuntu Oneiric):
importance:	Undecided → Low
Changed in gajim (Ubuntu Lucid):
importance:	Low → Medium
assignee:	nobody → Julian Taylor (jtaylor)
Changed in gajim (Ubuntu Natty):
assignee:	nobody → Julian Taylor (jtaylor)
Changed in gajim (Ubuntu Oneiric):
assignee:	nobody → Julian Taylor (jtaylor)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-05-14:

This bug was fixed in the package gajim - 0.14.1-1ubuntu1.1

---------------
gajim (0.14.1-1ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: assisted code execution (LP: #992618)
    - debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
      shell escape from via crafted messages
      https://trac.gajim.org/changeset/bc296e96ac10
    - CVE-2012-2085
  * SECURITY UPDATE: sql injection in logging code (LP: #992618)
    - debian/patches/CVE-2012-2086.patch: use a prepated statement
      https://trac.gajim.org/changeset/bfd5f94489d8
    - CVE-2012-2086
  * SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
    - debian/patches/CVE-2012-2093.patch: use safe tmpfile functions
      when convering LaTeX IM messages to png images
      Thanks to Nico Golde
    - CVE-2012-2093
-- Julian Taylor <email address hidden> Thu, 10 May 2012 17:48:34 -0700

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-05-14:

This bug was fixed in the package gajim - 0.13.4-3ubuntu2.1

---------------
gajim (0.13.4-3ubuntu2.1) natty-security; urgency=low

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-05-14:

This bug was fixed in the package gajim - 0.13-0ubuntu2.1

---------------
gajim (0.13-0ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: assisted code execution (LP: #992618)
    - debian/patches/CVE-2012-2085.dpatch: fix subprocess call to prevent
      shell escape from via crafted messages
      https://trac.gajim.org/changeset/bc296e96ac10
    - CVE-2012-2085
  * SECURITY UPDATE: sql injection in logging code (LP: #992618)
    - debian/patches/CVE-2012-2086.dpatch: use a prepated statement
      https://trac.gajim.org/changeset/bfd5f94489d8
    - CVE-2012-2086
  * SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
    - debian/patches/CVE-2012-2093.dpatch: use safe tmpfile functions
      when convering LaTeX IM messages to png images
      Thanks to Nico Golde
    - CVE-2012-2093
-- Julian Taylor <email address hidden> Thu, 10 May 2012 17:48:53 -0700

Changed in gajim (Ubuntu Lucid):
status:	Incomplete → Fix Released
Changed in gajim (Ubuntu Natty):
status:	Incomplete → Fix Released
Changed in gajim (Ubuntu Oneiric):
status:	Incomplete → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #668710
[done important security patch] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntugajim package

gajim: CVE-2012-2093 insecure temporary file creation in LaTeX support

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
gajim package