oss-sec mailing list archives
Re: CVE request: gajim - code execution and sql injection
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 08 Apr 2012 09:59:09 -0600
On 04/08/2012 04:49 AM, David Black wrote:
Hi. A few months ago the following bugs were reported in gajim and do not yet have CVE-ID allocation:
1. https://trac.gajim.org/ticket/7031, 'Assisted' code execution (if the user clicks a link)
Please use CVE-2012-2085 for this issue.
2. https://trac.gajim.org/ticket/7034, SQL injection via jids
Please use CVE-2012-2086 for this issue.
Note: these two issues are fixed in the latest gajim release[0][1].
[0] http://gajim.org/ - "Gajim 0.15 is here! (18 March 2012)"
[1] https://trac.gajim.org/query?status=closed&milestone=0.15
On a side note: if you want a free SSL certificate please use something like http://cert.startcom.org/ which is included within most browsers. cacert.org is not included in any (that I know of) browsers, I have no idea what the cacert practices are (and I can't find any documentation on their site) so there's no way that root key will be loaded by myself (and most people I know).
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993