Debian Security Advisory

DLA-413-1 gajim -- LTS security update

Date Reported:
09 Feb 2016
Affected Packages:
gajim
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 809900.
In Mitre's CVE dictionary: CVE-2015-8688.
More information:

Affected versions of gajim allow remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.

This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4.