[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3943-1 gajim -- gajim

ID: oval:org.secpod.oval:def:603056Date: (C)2017-08-23   (M)2017-12-07
Class: PATCHFamily: unix




Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the XEP-0146: Remote Controlling Clients extension, allowing a malicious XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update XEP-0146 support has been disabled by default and made opt-in via the "remote_commands" option.

Platform:
Debian 8.x
Product:
gajim
Reference:
DSA-3943-1
CVE-2016-10376
CVE    1
CVE-2016-10376
CPE    3
cpe:/a:gajim:gajim:0.16.7
cpe:/a:gajim:gajim
cpe:/o:debian:debian_linux:8.x

© SecPod Technologies