Debian Security Advisory
DLA-413-1 gajim -- LTS security update
- Date Reported:
- 09 Feb 2016
- Affected Packages:
- gajim
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 809900.
In Mitre's CVE dictionary: CVE-2015-8688. - More information:
-
Affected versions of gajim allow remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4.