A CVE has been assigned for a security issue in gajim: http://openwall.com/lists/oss-security/2017/05/28/1 Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
fixed in cauldron
Version: Cauldron => 5Whiteboard: MGA5TOO => (none)
pushed in updates_testing src.rpm: gajim-0.16.5-1.1.mga5
Assignee: mageia => qa-bugs
Advisory: ======================== Updated gajim packages fix security vulnerabilities: Gajim unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, which may be abused by malicious XMPP servers to, or example, extract plaintext from OTR encrypted sessions (CVE-2016-10376). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376 http://openwall.com/lists/oss-security/2017/05/28/1 ======================== Updated packages in core/updates_testing: ======================== gajim-0.16.5-1.1.mga5 from gajim-0.16.5-1.1.mga5.src.rpm
MGA5-32 on Asus A6000VM Xfce No installation issues gajim launches OK from CLI, but then ..... Tried to use its wizard to create a jabber account, but got nowhere. Various listed servers were not reachable, on other I got "not acceptable". Finaly used google to find out: this got me to jabber.hot.chilli.eu website where I could create an account (using same username and password! as with the wizard). Then I could get gajim to connect, But it lacks some facility to search for someone to connect with if you don't know the jabbername. So that was the end of testing. Searching for previous updates just shows more problems in the past.
Whiteboard: (none) => MGA5-32-OKCC: (none) => herman.viaene
Whiteboard: MGA5-32-OK => MGA5-32-OK advisoryCC: (none) => lewyssmith
x86-64. Created an account at dismail.de. Didn't test any further. Validating the update.
Whiteboard: MGA5-32-OK advisory => MGA5-32-OK advisory MGA5-64-OKKeywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0166.html
Status: NEW => RESOLVEDResolution: (none) => FIXED