Ubuntu
empathy package

HTML injection in nicknames

Bug #879301 reported by Guillaume Desmottes
262
This bug affects 1 person
Affects Status Importance Assigned to Milestone
empathy (Ubuntu)
Fix Released
High
Steve Beattie

Bug Description

I just requested CVE-2011-3635 for https://bugzilla.gnome.org/show_bug.cgi?id=662035

I'm opening this bug to already let you know about this security issue as Ubuntu is more affected than other distros as it ships an Adium theme by default.

Here is the description of the CVE:

Empathy from version 2.25.3 to 3.2.1.1 is vulnerable to a HTML injection bug in its chat window. Only version built with WebKit support (which was optional before version 3.1.5.1) are affected. Also this doesn't affect the default chat window, the vulnerability happens only when the user has configured it to use an Adium theme (none are provided by default).

Fix:
http://git.gnome.org/browse/empathy/commit/?id=739aca418457de752be13721218aaebc74bd9d36
Details: https://bugzilla.gnome.org/show_bug.cgi?id=662035

Marc Deslauriers (mdeslaur)
visibility: private → public
visibility: private → public
Revision history for this message
Steve Beattie (sbeattie) wrote :

Thanks for the report! Assigning the task to myself.

Changed in empathy (Ubuntu):
assignee: nobody → Steve Beattie (sbeattie)
status: New → In Progress
importance: Undecided → High
Revision history for this message
Steve Beattie (sbeattie) wrote :

Also noting here that the commit http://git.gnome.org/browse/empathy/patch/?id=15a4eec2f156c4f60398a9d842279203f475ed89 is needed as well.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package empathy - 3.2.0.1-0ubuntu1.1

---------------
empathy (3.2.0.1-0ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: remote HTML injection (LP: #879301)
    - debian/patches/50_empathy-CVE-2011-3635-lp879301.patch: escape
      HTML in when displaying other users' names. (Thanks to upstream
      for patch.)
    - CVE-2011-3635, CVE-2011-4170
 -- Steve Beattie <email address hidden> Mon, 24 Oct 2011 14:56:42 -0700

Changed in empathy (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.