[Secure-testing-team] Bug#863698: CVE-2016-10376
Guido Günther
agx at sigxcpu.org
Tue May 30 06:49:18 UTC 2017
Package: gajim
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: grave
Tags: security
Version: 0.16-1
Hi,
the following vulnerability was published for gajim.
CVE-2016-10376[0]:
| Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote
| Controlling Clients" extension. This can be abused by malicious XMPP
| servers to, for example, extract plaintext from OTR encrypted sessions.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
I saw that the bug is fixed in unstable already but let's have a bug to
track this for Jessie.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-10376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
More information about the Secure-testing-team
mailing list