CVE-2011-1000

NameCVE-2011-1000
Descriptionjingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2169-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
telepathy-gabble (PTS)buster0.18.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
telepathy-gabblesourcelenny0.7.6-1+lenny1DSA-2169-1
telepathy-gabblesourcesqueeze0.9.15-1+squeeze1DSA-2169-1
telepathy-gabblesource(unstable)0.9.15-2

Notes

https://bugs.freedesktop.org/show_bug.cgi?id=34048
Search for package or bug name: Reporting problems