Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 8 Apr 2012 20:49:10 +1000
From: David Black <disclosure@....org>
To: oss-security <oss-security@...ts.openwall.com>
Subject: CVE request: gajim - code execution and sql injection

Hi. a few months ago the following bugs were reported in gajim and do
not yet have CVE-ID allocation:
1. https://trac.gajim.org/ticket/7031, 'Assisted' code
execution (if the user clicks a link)
2. https://trac.gajim.org/ticket/7034, SQL injection via jids

Note: these two issues are fixed in the latest gajim release[0][1].

[0] http://gajim.org/ - "Gajim 0.15 is here! (18 March 2012)"
[1] https://trac.gajim.org/query?status=closed&milestone=0.15

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ