Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 372981 - <net-voip/telepathy-gabble-0.10.5: MITM vulnerability (CVE-2011-1000)
Summary: <net-voip/telepathy-gabble-0.10.5: MITM vulnerability (CVE-2011-1000)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-25 12:54 UTC by GLSAMaker/CVETool Bot
Modified: 2014-06-01 15:42 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:54:54 UTC 
CVE-2011-1000 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1000):
  jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5,
  and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls
  via a crafted google:jingleinfo stanza that specifies an alternate server
  for streamed media.
Comment 1 Nirbheek Chauhan (RETIRED) gentoo-dev 2011-06-25 14:36:17 UTC 
No versions in-tree suffer from this vulnerability.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2011-06-26 02:26:22 UTC 
Could you elaborate? We have 0.10.5 stable, but I did not look into this in great detail.
Comment 3 Nirbheek Chauhan (RETIRED) gentoo-dev 2011-06-26 13:00:58 UTC 
(In reply to comment #2)
> Could you elaborate? We have 0.10.5 stable, but I did not look into this in
> great detail.

I was merely saying that there's nothing here for maintainers and arch teams to do.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 20:30:03 UTC 
GLSA Vote: yes.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 21:49:38 UTC 
Vote: YES. New GLSA request filed.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2014-06-01 15:42:43 UTC 
This will not get a GLSA.