Security update for gajim SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0102-1 Final 1 1 2016-01-13T13:45:53Z current 2016-01-13T13:45:53Z 2016-01-13T13:45:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gajim This update to gajim 0.16.5 fixes the following security issues: * CVE-2015-8688: Message interception due to unverified origin of roster push - Improve security on connexion and for roster managment (boo#960668) The following on-security improvements were added: * Improve MAM implementation. * Ability for emoticons to be sorted in menu. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html E-Mail link for openSUSE-SU-2016:0102-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 gajim-0.16.5-4.1 gajim-lang-0.16.5-4.1 gajim-0.16.5-4.1 as a component of openSUSE Leap 42.1 gajim-lang-0.16.5-4.1 as a component of openSUSE Leap 42.1 Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. CVE-2015-8688 openSUSE Leap 42.1:gajim-0.16.5-4.1 openSUSE Leap 42.1:gajim-lang-0.16.5-4.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html https://www.suse.com/security/cve/CVE-2015-8688.html CVE-2015-8688 https://bugzilla.suse.com/1014976 SUSE Bug 1014976 https://bugzilla.suse.com/960668 SUSE Bug 960668