Debian Security Advisory

DLA-413-1 gajim -- LTS security update

Date Reported:

09 Feb 2016

Affected Packages:

gajim

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 809900.
In Mitre's CVE dictionary: CVE-2015-8688.

More information:

Affected versions of gajim allow remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.

This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4.