Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 8 Apr 2012 20:49:10 +1000
From: David Black <disclosure@....org>
To: oss-security <oss-security@...ts.openwall.com>
Subject: CVE request: gajim - code execution and sql injection

Hi. a few months ago the following bugs were reported in gajim and do
not yet have CVE-ID allocation:
1. https://trac.gajim.org/ticket/7031, 'Assisted' code
execution (if the user clicks a link)
2. https://trac.gajim.org/ticket/7034, SQL injection via jids

Note: these two issues are fixed in the latest gajim release[0][1].

[0] http://gajim.org/ - "Gajim 0.15 is here! (18 March 2012)"
[1] https://trac.gajim.org/query?status=closed&milestone=0.15

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.