Comment 4 for bug 992613

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gajim - 0.13-0ubuntu2.1

---------------
gajim (0.13-0ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: assisted code execution (LP: #992618)
    - debian/patches/CVE-2012-2085.dpatch: fix subprocess call to prevent
      shell escape via crafted messages
      https://trac.gajim.org/changeset/bc296e96ac10
    - CVE-2012-2085
  * SECURITY UPDATE: sql injection in logging code (LP: #992618)
    - debian/patches/CVE-2012-2086.dpatch: use a prepared statement
      https://trac.gajim.org/changeset/bfd5f94489d8
    - CVE-2012-2086
  * SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
    - debian/patches/CVE-2012-2093.dpatch: use safe tmpfile functions
      when converting LaTeX IM messages to png images
      Thanks to Nico Golde
    - CVE-2012-2093
 -- Julian Taylor <email address hidden> Thu, 10 May 2012 17:48:53 -0700