Ubuntu
gajim package

lp:~jtaylor/ubuntu/oneiric/gajim/multiple-CVE

Oneiric (11.10)
multiple-CVE

Created by Julian Taylor on 2012-05-01 and last modified on 2012-05-16

Get this branch:: bzr branch lp:~jtaylor/ubuntu/oneiric/gajim/multiple-CVE

Only Julian Taylor can upload to this branch. If you are Julian Taylor please log in for upload directions.

Branch merges

No branches dependent on this one.

Merged into lp:ubuntu/oneiric/gajim

Ubuntu branches: Pending requested 2012-05-01

Related bugs

Bug #992613: gajim: CVE-2012-2093 insecure temporary file creation in LaTeX support	Low	Fix Released
Bug #992618: gajim code execution and sql injection	Medium	Fix Released

Link a bug report

Related blueprints

Branch information

Owner:: Julian Taylor

Status:: Merged

Recent revisions

56. By Julian Taylor on 2012-05-10: change version to ubuntu2
55. By Julian Taylor on 2012-05-10: fix missing wait on process end
54. By Julian Taylor on 2012-05-01: * SECURITY UPDATE: assisted code execution (LP: #992618)
  - debian/patches/CVE-2012-2085.dpatch: fix subprocess call to prevent
    shell escape from via crafted messages
    https://trac.gajim.org/changeset/bc296e96ac10
  - CVE-2012-2085
* SECURITY UPDATE: sql injection in logging code (LP: #992618)
  - debian/patches/CVE-2012-2086.dpatch: use a prepated statement
    https://trac.gajim.org/changeset/bfd5f94489d8
  - CVE-2012-2086
* SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
  - debian/patches/CVE-2012-2093.dpatch: use safe tmpfile functions
    when convering LaTeX IM messages to png images
    Thanks to Nico Golde
  - CVE-2012-2093
53. By Bhavani Shankar on 2011-05-19: * Merge from debian unstable(LP: #630876). Remaining changes:
  - Kept Ubuntu patches
    + config-write-sync.patch
    + ubuntu-keyring.patch
* Drop the debian/watch change as debian version of the watch file just
  works fine I think.
52. By Matthias Klose on 2010-12-08: Rebuild with python 2.7 as the python default.
51. By Angel Abad on 2010-11-08: * Merge from debian unstable (LP: #672484). Remaining changes:
  - Updated debian/watch
  - Kept Ubuntu patches
    + config-write-sync.patch
    + ubuntu-keyring.patch
50. By Angel Abad on 2010-09-14: * Merge from debian unstable (LP: #662154). Remaining changes:
  - Updated debian/watch
  - Kept Ubuntu patches
    + config-write-sync.patch
    + ubuntu-keyring.patch
* Dropped change: (superceeded in debian)
  - Changed python build version from 2.5 to 2.6 in debian/rules
49. By Jonathan Michalon on 2010-05-25: * Merge from debian testing (LP: #506049), remaining changes:
  - Updated debian/watch
  - Kept Ubuntu patches
    + config-write-sync.patch
    + ubuntu-keyring.patch
  - Changed python build version from 2.5 to 2.6 in debian/rules
48. By Chris Coulson on 2009-12-15: * debian/control:
- Change python-gnome2-extras recommends to python-eggtrayicon.
The former package has gone away in Lucid.
47. By Maia Kozheva <sikon@maia-desktop> on 2009-11-25: Removed installation for .so files

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/quantal/gajim

This branch contains Public information

Everyone can see this information.

Subscribers

Julian Taylor

Ubuntugajim package