There's a vulnerability in the current version of gajim: http://gultsch.de/gajim_roster_push_and_message_interception.html Seems upstream has fixed it in the repo, but no new release yet. Here's the commit: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/
commit 3d4cc3c71b2e820d2a689311bfa5a11341250033 Author: Justin Lecher <jlec@gentoo.org> Date: Mon Dec 28 15:50:14 2015 +0100 net-im/gajim: Version Bump, fixes CVE-2015-8688 Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=569936 Package-Manager: portage-2.2.26 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d4cc3c71b2e820d2a689311bfa5a11341250033
@arches, please go ahead.
Arches, please test and mark stable: =net-im/gajim-0.16.5 Target keywords : "amd64 arm ppc ppc64 x86"
amd64 stable
Stable for PPC64.
arm stable
ppc stable
x86 done, last arch!
commit d571facf6645dd65748dd1712a4705958a3431ee Author: Justin Lecher <jlec@gentoo.org> Date: Wed Jan 20 16:35:05 2016 +0100 net-im/gajim: Drop version vulnerable to CVE-2015-8688 Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=569936 Package-Manager: portage-2.2.27 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d571facf6645dd65748dd1712a4705958a3431ee
Thank you all for you work. Closing as [noglsa].