oss-sec mailing list archives
CVE request: gajim - code execution and sql injection
From: David Black <disclosure () d1b org>
Date: Sun, 8 Apr 2012 20:49:10 +1000
Hi. a few months ago the following bugs were reported in gajim and do not yet have CVE-ID allocation: 1. https://trac.gajim.org/ticket/7031, 'Assisted' code execution (if the user clicks a link) 2. https://trac.gajim.org/ticket/7034, SQL injection via jids Note: these two issues are fixed in the latest gajim release[0][1]. [0] http://gajim.org/ - "Gajim 0.15 is here! (18 March 2012)" [1] https://trac.gajim.org/query?status=closed&milestone=0.15
Current thread:
- CVE request: gajim - code execution and sql injection David Black (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Yves-Alexis Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)