Debian Security Advisory
DSA-3943-1 gajim -- security update
- Date Reported:
- 14 Aug 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 863445.
In Mitre's CVE dictionary: CVE-2016-10376.
- More information:
Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, allowing a malicious XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update XEP-0146 support has been disabled by default and made opt-in via the
For the oldstable distribution (jessie), this problem has been fixed in version 0.16-1+deb8u2.
For the stable distribution (stretch), this problem has been fixed prior to the initial release.
We recommend that you upgrade your gajim packages.