Ubuntu
telepathy-gabble package

telepathy-gabble security fix

Bug #720201 reported by Omer Akram
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
telepathy-gabble (Ubuntu)
Fix Released
Medium
Jamie Strandboge
Karmic
Fix Released
Medium
Jamie Strandboge
Lucid
Fix Released
Medium
Jamie Strandboge
Maverick
Fix Released
Medium
Jamie Strandboge
Natty
Fix Released
Medium
Jamie Strandboge

Bug Description

Binary package hint: telepathy-gabble

telepathy upstream just announced a security fix for telepathy-gabble in 0.11.x 0.10.x and 0.8.x series. Ubuntu should have the fix too.

Revision history for this message
Omer Akram (om26er) wrote :

this is the upstream bug report: https://bugs.freedesktop.org/show_bug.cgi?id=34048

Changed in telepathy-gabble (Ubuntu):
importance: Undecided → Medium
assignee: nobody → Omer Akram (om26er)
Revision history for this message
Omer Akram (om26er) wrote :

these are the announcements for individual series:
http://lists.freedesktop.org/archives/telepathy/2011-February/005272.html
http://lists.freedesktop.org/archives/telepathy/2011-February/005273.html
http://lists.freedesktop.org/archives/telepathy/2011-February/005274.html

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Omer, I have already prepared the update for natty, and was waiting for the unembargo. Have you uploaded already?

Changed in telepathy-gabble (Ubuntu Lucid):
status: New → Fix Committed
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in telepathy-gabble (Ubuntu Maverick):
status: New → Fix Committed
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in telepathy-gabble (Ubuntu Natty):
status: New → Fix Committed
assignee: Omer Akram (om26er) → Jamie Strandboge (jdstrand)
Changed in telepathy-gabble (Ubuntu Karmic):
status: New → Fix Committed
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in telepathy-gabble (Ubuntu Natty):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Fix Committed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package telepathy-gabble - 0.11.6-1ubuntu2

---------------
telepathy-gabble (0.11.6-1ubuntu2) natty; urgency=low

  * SECURITY UPDATE: don't process google:jingleinfo updates from contacts
    - debian/patches/0001-ignore-google-jingleinfo-from-contacts.patch: don't
      accept jingleinfo except from self or server
    - CVE-2011-XXXX
    - LP: #720201
 -- Jamie Strandboge <email address hidden> Tue, 15 Feb 2011 12:40:34 -0600

Changed in telepathy-gabble (Ubuntu Natty):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand)
Changed in telepathy-gabble (Ubuntu Natty):
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

http://www.ubuntu.com/usn/usn-1067-1 (pending mirroring).

Changed in telepathy-gabble (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in telepathy-gabble (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in telepathy-gabble (Ubuntu Karmic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.