DSA-2169-1 telepathy-gabble -- insufficient input validationID: oval:org.secpod.oval:def:600203 | Date: (C)2011-03-10 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that telepathy-gabble, the Jabber/XMMP connection manager for the Telepathy framework, is processing google:jingleinfo updates without validating their origin. This may allow an attacker to trick telepathy-gabble into relaying streamed media data through a server of his choice and thus intercept audio and video calls.
Platform: |
Debian 5.0 |
Debian 6.0 |