-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 15 Apr 2012 20:35:02 +0000 Source: gajim Binary: gajim Architecture: source amd64 Version: 0.13.4-3+squeeze2 Distribution: stable-security Urgency: high Maintainer: Yann Leboulanger <asterix@lagaule.org> Changed-By: Nico Golde <nion@debian.org> Description: gajim - Jabber client written in PyGTK Closes: 668038 668710 Changes: gajim (0.13.4-3+squeeze2) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * This update fixes the following security issues: - CVE-2012-2086: SQL injections via jids in logging code - CVE-2012-2085: assisted code execution via crafted messages due to insecurely processing input with popen. - CVE-2012-2093: insecure use of temporary files when convering LaTeX IM messages to png images. (Closes: #668710, #668038) Checksums-Sha1: fd033c276b62fd97810eddfd5a49071f96650e38 1307 gajim_0.13.4-3+squeeze2.dsc 4320ea4f1ed82340778633f3858b05d8b48bfab8 5135705 gajim_0.13.4.orig.tar.gz de7ea0863800fa4338a17d80a80c506f3ed023f6 9137 gajim_0.13.4-3+squeeze2.diff.gz 47b7a2c63c6f77b07b5ef31ac419368d3bcd82e0 4326502 gajim_0.13.4-3+squeeze2_amd64.deb Checksums-Sha256: 4a90dbe1b855199df521808194f20370fa32dd2028a4ffb5c65674cfed4eca13 1307 gajim_0.13.4-3+squeeze2.dsc 70489184ac7829b6457b2bbe213669ca43c863bc4d96454c2a787a291cc75c67 5135705 gajim_0.13.4.orig.tar.gz f023a0ccb52969ddff49233ba6e66c507ed7af383776c197cd731ef95c65332e 9137 gajim_0.13.4-3+squeeze2.diff.gz 230461ecb3f5cf3362668afdc97cc2cfc1e88333c82d333c1d6814a88d7be272 4326502 gajim_0.13.4-3+squeeze2_amd64.deb Files: c8e6eefa3304c70d49bb98a96ebe36a1 1307 net optional gajim_0.13.4-3+squeeze2.dsc 83293c88fb5398b582f2cd71015dea72 5135705 net optional gajim_0.13.4.orig.tar.gz 562848539a5f7d3e294883e8ec6b8044 9137 net optional gajim_0.13.4-3+squeeze2.diff.gz 8fb8bb424df9714f2931e03f8b209c18 4326502 net optional gajim_0.13.4-3+squeeze2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk+LNYYACgkQHYflSXNkfP868QCgjIu1wn2MQ2w8awaaPj7GJE+9 KUEAoLNaIMkAuAh/xbnfZiAeToozuVQj =+DGR -----END PGP SIGNATURE----- Accepted: gajim_0.13.4-3+squeeze2.diff.gz to main/g/gajim/gajim_0.13.4-3+squeeze2.diff.gz gajim_0.13.4-3+squeeze2.dsc to main/g/gajim/gajim_0.13.4-3+squeeze2.dsc gajim_0.13.4-3+squeeze2_amd64.deb to main/g/gajim/gajim_0.13.4-3+squeeze2_amd64.deb