- Committer: Package Import Robot
- Author(s): Julian Taylor
- Date: 2012-05-10 17:48:53 UTC
- Revision ID: package-import@ubuntu.com-20120510174853-o6iecm81m8bc0g0i
- Tags: 0.13-0ubuntu2.1

* SECURITY UPDATE: assisted code execution (LP: #992618)
  - debian/patches/CVE-2012-2085.dpatch: fix subprocess call to prevent
    shell escape via crafted messages
    https://trac.gajim.org/changeset/bc296e96ac10
  - CVE-2012-2085
* SECURITY UPDATE: SQL injection in logging code (LP: #992618)
  - debian/patches/CVE-2012-2086.dpatch: use a prepared statement
    https://trac.gajim.org/changeset/bfd5f94489d8
  - CVE-2012-2086
* SECURITY UPDATE: insecure tmpfile creation (LP: #992613)
  - debian/patches/CVE-2012-2093.dpatch: use safe tmpfile functions
    when converting LaTeX IM messages to png images
    Thanks to Nico Golde
  - CVE-2012-2093