it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 3492-2] gajim regression update
- Date: Sun, 28 Feb 2016 11:04:40 +0000
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT master.debian.org>
- Priority: urgent
- Resent-date: Sun, 28 Feb 2016 11:04:57 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <krP4zqtto0B.A.caE.ZRt0WB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3492-2 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 28, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : gajim
Debian Bug : 816158
The wheezy part of the previous gajim update, DSA-3492-1, was
incorrectly built resulting in an unsatisfiable dependency. This update
corrects that problem. For reference, the original advisory text
follows.
Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber
client. Gajim didn't verify the origin of roster update, allowing an
attacker to spoof them and potentially allowing her to intercept
messages.
For the oldstable distribution (wheezy), this problem has been fixed
in version 0.15.1-4.1+deb7u2.
We recommend that you upgrade your gajim packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJW0tQFAAoJEAVMuPMTQ89EGVUP/2cWsnn9rzv7aodGQ9S+5gml
gN+2NpsfsWIo8D0m8As9cZUqJG72NbWOyjc/IbORiyCzVcTt9NsVVNZd1Pbf7ThU
C6hK1WQIDZUOETerlLD3Ai6upLm9cOqjtAQwiKFdwDH40U9BSst3wMk1vxvcjRxa
6i6CHCdsRKw7XJ+K9WolptblqAEz1FtTltWyxoCuDKDYoJfWmA90aJYWOYbHnprb
eCFCu6/EPmnz3k2L257uf1bBQojuOQupLgpQFaGJ7QaAgDTw15As4l8fSZPt4wMu
nwj8cU5m/JluQUigw+6bk6GrfFhRm6iNXx2chC50D+gYi4hHxejj/rFLcqKPpi6S
7O1nXrRzLa1X8YTPME6Gw1cpsKmy1nhK2OJbDhBvNbjxIK5XBRDsxiz0vmJg7PsR
9513DR0VVb2D1Jfr1lnsZFH8K6S8bMcP0NZWtnt95WDlesjANBXOBQU8M4Whl3RJ
8S2RGcJSikyejA+C5eAG9c0ESGkb0lnSn7vMLTbi+AKo6cG1WT0aVYDBRNj4oiZO
jeAcIB7+aey9rvNvLFsNJE+Lh2kDXZQ3Zsl1BAtcuzbNimEXcfuufqatR5OO3h3D
pO/mH7yw4/uCZt37I2ESyAgRczv2PW+Hj5aI4uOKtjoaDTb2BkbzZgWHqnVw53dl
CKP4SaFLyz06KznV+Vcr
=i0Lp
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 3492-2] gajim regression update, Salvatore Bonaccorso, 28.02.2016
Archiv bereitgestellt durch MHonArc 2.6.19.