Actually, it looks like jtaylor might have beaten me to the punch. From
here on, please refer to bug #999629 for tracking the resolution of the
regression.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs
Thanks for determining the problem, undefined! I've got new packages
building locally. I'll make sure that I got all of the packaging changes
right and then upload the new versions to the Ubuntu Security Proposed
PPA in hopes that undefined and avsd05 can give them a quick test. I'll
comment when t
** Patch added: "backport upstream revision 12863 to facilitate patch for
CVE-2012-2085"
https://bugs.launchpad.net/ubuntu/+source/gajim/+bug/992618/+attachment/3147644/+files/update_thread_interface_to_accommodate_CVE-2012-2085_in_lucid.patch
on lucid i receive the same traceback as avsd05 (or close enough; i'm
too lazy to perfectly diff the two).
the missing patch: https://trac.gajim.org/changeset/12863.
the reason: exec_command() calls thread_interface() with only one
argument (p.wait, which is the command to execute in the new thre
Hi all!
Just installed the security update - and now getting an exception each time
Gajim receives or sends a message:
{{{
Traceback (most recent call last):
File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 528, in
_process_events
return IdleQueue._process_events(self, fd, flags)
This bug was fixed in the package gajim - 0.13-0ubuntu2.1
---
gajim (0.13-0ubuntu2.1) lucid-security; urgency=low
* SECURITY UPDATE: assisted code execution (LP: #992618)
- debian/patches/CVE-2012-2085.dpatch: fix subprocess call to prevent
shell escape from via crafted me
This bug was fixed in the package gajim - 0.13.4-3ubuntu2.1
---
gajim (0.13.4-3ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: assisted code execution (LP: #992618)
- debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
shell escape from via crafted
This bug was fixed in the package gajim - 0.14.1-1ubuntu1.1
---
gajim (0.14.1-1ubuntu1.1) oneiric-security; urgency=low
* SECURITY UPDATE: assisted code execution (LP: #992618)
- debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
shell escape from via craft
> they provide an upgrade path, they are just a bit longer than minimal.
> Does this matter?
Yes - it results in uglier version numbers. We only want to use the
extended version numbers when necessary.
> also according to the wiki it shouldn't it be 0.14.1-1ubuntu1.1
You're right. Sorry for the ba
testing just basic startup and connection tests. I checked that the
tmpfile regression that occurred in debian does not happen and also
caught and fixed another issue in the debian patch and forwarded that
earlier.
** Changed in: gajim (Ubuntu Lucid)
Status: Incomplete => Confirmed
** Chan
thanks for the thorough review.
> * New package versions are wrong. For example, the Oneiric version should be
>'0.14.1-1ubuntu2'. Please see the version examples at:
> https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
they provide an upgrade path, they are just a
Hi Julian - Thanks for the debdiffs! I've reviewed them and have
compiled some feedback...
Debdiff review:
* New package versions are wrong. For example, the Oneiric version should be
'0.14.1-1ubuntu2'. Please see the version examples at:
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
** Branch linked: lp:~jtaylor/ubuntu/oneiric/gajim/multiple-CVE
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/992618
Title:
gajim code execution and sql injection
To manage notifications about this
** Changed in: gajim (Debian)
Status: New => Fix Released
** Changed in: gajim (Debian)
Importance: Undecided => Unknown
** Branch linked: lp:~jtaylor/ubuntu/natty/gajim/multiple-CVE
** Branch linked: lp:~jtaylor/ubuntu/lucid/gajim/multiple-CVE