This bug was fixed in the package gajim - 0.13.4-3ubuntu2.1
---------------
gajim (0.13.4-3ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: assisted code execution (LP: #992618)
    - debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent
      shell escape via crafted messages
      https://trac.gajim.org/changeset/bc296e96ac10
    - CVE-2012-2085
  * SECURITY UPDATE: sql injection in logging code (LP: #992618)
    - debian/patches/CVE-2012-2086.patch: use a prepared statement
      https://trac.gajim.org/changeset/bfd5f94489d8
    - CVE-2012-2086
  * SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
    - debian/patches/CVE-2012-2093.patch: use safe tmpfile functions
      when converting LaTeX IM messages to png images
      Thanks to Nico Golde
    - CVE-2012-2093

 -- Julian Taylor <email address hidden>  Thu, 10 May 2012 17:48:45 -0700