Your message dated Mon, 16 Apr 2012 21:04:42 +0000
with message-id <e1sjt6i-00084d...@franck.debian.org>
and subject line Bug#668038: fixed in gajim 0.13.4-3+squeeze2
has caused the Debian Bug report #668038,
regarding gajim code execution and sql injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
668038: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668038
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gajim
Severity: grave
Tags: security

Hi,

Two security issues were reported in gajim: one user-assisted code
execution and one SQL injection:

- https://trac.gajim.org/ticket/7031
- https://trac.gajim.org/ticket/7034

They are fixed in gajim 0.15-1, which is in unstable and I've asked the
release team to increase the urgency value so it reaches testing sooner.
Can you please verify if the version in squeeze is indeed affected by
these issues and if so, are you able to provide an updated package? If
not, please also let the security team know.


Cheers,
Thijs





--- End Message ---
--- Begin Message ---
Source: gajim
Source-Version: 0.13.4-3+squeeze2

We believe that the bug you reported is fixed in the latest version of
gajim, which is due to be installed in the Debian FTP archive:

gajim_0.13.4-3+squeeze2.diff.gz
  to main/g/gajim/gajim_0.13.4-3+squeeze2.diff.gz
gajim_0.13.4-3+squeeze2.dsc
  to main/g/gajim/gajim_0.13.4-3+squeeze2.dsc
gajim_0.13.4-3+squeeze2_amd64.deb
  to main/g/gajim/gajim_0.13.4-3+squeeze2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated gajim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 15 Apr 2012 20:35:02 +0000
Source: gajim
Binary: gajim
Architecture: source amd64
Version: 0.13.4-3+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Yann Leboulanger <aste...@lagaule.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 gajim      - Jabber client written in PyGTK
Closes: 668038 668710
Changes: 
 gajim (0.13.4-3+squeeze2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * This update fixes the following security issues:
     - CVE-2012-2086: SQL injections via jids in logging code
     - CVE-2012-2085: assisted code execution via crafted messages due
       to insecurely processing input with popen.
     - CVE-2012-2093: insecure use of temporary files when converting LaTeX
       IM messages to png images.
     (Closes: #668710, #668038)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk+LNYYACgkQHYflSXNkfP868QCgjIu1wn2MQ2w8awaaPj7GJE+9
KUEAoLNaIMkAuAh/xbnfZiAeToozuVQj
=+DGR
-----END PGP SIGNATURE-----



--- End Message ---
