Package: gajim X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Version: 0.16-1
Hi, the following vulnerability was published for gajim. CVE-2016-10376[0]: | Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote | Controlling Clients" extension. This can be abused by malicious XMPP | servers to, for example, extract plaintext from OTR encrypted sessions. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. I saw that the bug is fixed in unstable already but let's have a bug to track this for Jessie. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10376 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
