CVE-2015-8688

NameCVE-2015-8688
DescriptionGajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-413-1, DSA-3492-1
Debian Bugs809900

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gajim (PTS)bullseye1.3.1-1fixed
bookworm1.7.3-2fixed
sid, trixie1.9.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gajimsourcesqueeze0.13.4-3+squeeze4DLA-413-1
gajimsourcewheezy0.15.1-4.1+deb7u1DSA-3492-1
gajimsourcejessie0.16-1+deb8u1DSA-3492-1
gajimsource(unstable)0.16.5-0.1809900

Notes

http://gultsch.de/gajim_roster_push_and_message_interception.html
https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/
Search for package or bug name: Reporting problems