Bug 355219 (CVE-2011-1000)

Summary:	<net-voip/telepathy-gabble-0.10.5: JID validation missing (CVE-2011-1000)
Product:	Gentoo Security	Reporter:	Olivier Crete (RETIRED) <tester>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	gnome, voip+disabled
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://lists.freedesktop.org/archives/telepathy/2011-February/005272.html
Whiteboard:	B4 [noglsa]
Package list:		Runtime testing required:	---

Description Olivier Crete (RETIRED) gentoo-dev

2011-02-16 17:22:48 UTC

Applies to all recent series (0.8, 0.10, 0.11)

http://lists.freedesktop.org/archives/telepathy/2011-February/005272.html
http://lists.freedesktop.org/archives/telepathy/2011-February/005273.html
http://lists.freedesktop.org/archives/telepathy/2011-February/005274.html

Comment 1 Pacho Ramos gentoo-dev

2011-02-16 18:07:11 UTC

ebuild available for 0.10.5

Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-02-17 15:34:25 UTC

Arches, the target for stabilization is =net-voip/telepathy-gabble-0.10.5

Comment 3 Pacho Ramos gentoo-dev

2011-02-17 17:43:35 UTC

Arches could probably wait a bit (-> around a day) and go directly with bug 353436 also

Comment 4 Markos Chandras (RETIRED) gentoo-dev

2011-02-23 23:40:46 UTC

amd64 done as part of Gnome stabilization

Comment 5 Christian Faulhammer (RETIRED) gentoo-dev

2011-02-25 22:44:38 UTC

x86 done by tomka.

Comment 6 Raúl Porcel (RETIRED) gentoo-dev

2011-03-18 17:24:35 UTC

alpha/ia64/sparc stable

Comment 7 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev

2011-03-22 21:03:14 UTC

ppc done wrt #353436, last arch over'n'out

Comment 8 Tim Sammut (RETIRED) gentoo-dev

2011-03-22 21:45:08 UTC

Thanks, folks. GLSA Vote: no.

Comment 9 Alex Legler (RETIRED) archtester

2011-03-22 21:50:58 UTC

GLSA vote: NO

Maintainers, please remove any vulnerable versions left in the tree.