DSA-3943-1 gajim -- gajim
| ID: oval:org.secpod.oval:def:603056 | Date: (C)2017-08-23 (M)2017-12-07 |
| Class: PATCH | Family: unix |
Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the XEP-0146: Remote Controlling Clients extension, allowing a malicious XMPP server to trigger commands that leak private conversations from encrypted sessions. With this update, XEP-0146 support has been disabled by default and made opt-in via the "remote_commands" option.