[TAF] wml://security/2011/dsa-2169.wml

To: debian-l10n-russian <debian-l10n-russian@lists.debian.org>
Subject: [TAF] wml://security/2011/dsa-2169.wml
From: Alexander Reshetov <eof@debian-by.org>
Date: Fri, 18 Feb 2011 23:51:50 +0200
Message-id: <[🔎] 20110218215150.GF4956@meissa>
Mail-followup-to: debian-l10n-russian <debian-l10n-russian@lists.debian.org>

<define-tag description>insufficient input validation</define-tag>
<define-tag moreinfo>
<p>It was discovered that telepathy-gabble, the Jabber/XMMP connection manager
for the Telepathy framework, is processing google:jingleinfo updates without
validating their origin.  This may allow an attacker to trick telepathy-gabble
into relaying streamed media data through a server of his choice and thus
intercept audio and video calls.</p>


<p>For the oldstable distribution (lenny), this problem has been fixed in
version 0.7.6-1+lenny1.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 0.9.15-1+squeeze1.</p>

<p>For the testing (wheezy) and unstable (sid) distributions, this problem
will be fixed soon.</p>

<p>We recommend that you upgrade your telepathy-gabble packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2169.data"
# $Id: dsa-2169.wml,v 1.1 2011-02-18 20:16:44 spaillard Exp $

Reply to:

Follow-Ups:
- Re: [TAF] wml://security/2011/dsa-2169.wml
  - From: Vladimir Zhbanov <vzhbanov@gmail.com>

Prev by Date: [TAF] wml://security/2011/dsa-2168.wml
Next by Date: [ITT] wml://security/2011/dsa-2164.wml
Previous by thread: Re: [TAF] wml://security/2011/dsa-2168.wml
Next by thread: Re: [TAF] wml://security/2011/dsa-2169.wml
Index(es):
- Date
- Thread