Updated gajim packages fix security vulnerability
Publication date: 05 Feb 2016Modification date: 07 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8688
Description
Gajim before 0.16.5 doesn't verify the origin of roster pushes thus allowing third parties to modify the roster via a man-in-the-middle attack (CVE-2015-8688).
References
SRPMS
5/core
- gajim-0.16.5-1.mga5
- python-nbxmpp-0.5.3-1.mga5