Mageia Bugzilla – Bug 9316
telepathy-gabble new security issue CVE-2013-1769
Last modified: 2013-03-16 23:03:21 CET
Upstream has released 0.16.5 and 0.17.3 to fix a remotely triggerable crash (denial of service) issue in telepathy-gabble.
Freeze push requested for 0.17.3 in Cauldron.
Updated package uploaded for Mageia 2.
Note to QA: You can test telepathy-gabble with a Jabber account in empathy.
Updated telepathy-gabble packages fix security vulnerability:
NULL pointer dereference in telepathy-gabble before 0.16.5 which causes a
crash when processing weirdly-shaped data forms in caps query replies. This
bug can be triggered by any XMPP user who knows the bare JID of a user of a
vulnerable client, without needing to be authorized to see that user's
The telepathy-gabble package has been updated to version 0.16.5 to fix
this issue as well as several other bugs.
Updated packages in core/updates_testing:
telepathy-gabble-0.17.3-1.mga3 is uploaded in Cauldron.
Testing complete mga2 32
Connected to jabber in empathy with gmail credentials.
Thanks for the procedure, David.
Fedora has issued an advisory for this on March 5:
Testing complete mga2 64
Connected to jabber and gchat in empathy, replicating Claire's test.
See bug 9406 for new issues found
See comment 1 for Advisory and SRPM
Could sysadmin please push from core/updates_testing to core/updates.
Update pushed: