Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the XEP-0146: Remote Controlling Clients extension, allowing a malicious XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update, XEP-0146 support has been disabled by default and made opt-in via the "remote_commands" option.
The host is installed with Adobe Digital Editions before 4.5.2 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to execute arbitrary code.