[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[TAF] wml://security/2011/dsa-2169.wml

<define-tag description>insufficient input validation</define-tag>
<define-tag moreinfo>
<p>It was discovered that telepathy-gabble, the Jabber/XMMP connection manager
for the Telepathy framework, is processing google:jingleinfo updates without
validating their origin.  This may allow an attacker to trick telepathy-gabble
into relaying streamed media data through a server of his choice and thus
intercept audio and video calls.</p>

<p>For the oldstable distribution (lenny), this problem has been fixed in
version 0.7.6-1+lenny1.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version 0.9.15-1+squeeze1.</p>

<p>For the testing (wheezy) and unstable (sid) distributions, this problem
will be fixed soon.</p>

<p>We recommend that you upgrade your telepathy-gabble packages.</p>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2169.data"
# $Id: dsa-2169.wml,v 1.1 2011-02-18 20:16:44 spaillard Exp $

Reply to: