CVE-2011-1000 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1000): jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
No versions in-tree suffer from this vulnerability.
Could you elaborate? We have 0.10.5 stable, but I did not look into this in great detail.
(In reply to comment #2) > Could you elaborate? We have 0.10.5 stable, but I did not look into this in > great detail. I was merely saying that there's nothing here for maintainers and arch teams to do.
GLSA Vote: yes.
Vote: YES. New GLSA request filed.
This will not get a GLSA.