** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3635
https://bugs.launchpad.net/bugs/879301

Title: HTML injection in nicknames

Status in “empathy” package in Ubuntu: In Progress

Bug description:

I just requested CVE-2011-3635 for https://bugzilla.gnome.org/show_bug.cgi?id=662035

I'm opening this bug to already let you know about this security issue as Ubuntu is more affected than other distros as it ships an Adium theme by default.

Here is the description of the CVE:

Empathy from version 2.25.3 to 3.2.1.1 is vulnerable to an HTML injection bug in its chat window. Only versions built with WebKit support (which was optional before version 3.1.5.1) are affected. Also this doesn't affect the default chat window, the vulnerability happens only when the user has configured it to use an Adium theme (none are provided by default).

Fix: http://git.gnome.org/browse/empathy/commit/?id=739aca418457de752be13721218aaebc74bd9d36
Details: https://bugzilla.gnome.org/show_bug.cgi?id=662035
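
The bug class described in the report, as an added example that is not Empathy's code and not the fix in the commit linked above: a nickname substituted into an HTML theme template with and without escaping. The template string, the `%sender%` placeholder usage and the function names `html_escape`, `substitute` and `render_sender` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape HTML-significant characters; caller frees the result. */
char *html_escape(const char *in)
{
    static const char *const rep[] = { "&amp;", "&lt;", "&gt;", "&quot;", "&#39;" };
    static const char special[] = "&<>\"'";
    char *out = malloc(strlen(in) * 6 + 1), *p = out; /* worst case: all "&quot;" */
    if (!out) return NULL;
    for (; *in; in++) {
        const char *hit = strchr(special, *in);
        if (hit) p += sprintf(p, "%s", rep[hit - special]);
        else *p++ = *in;
    }
    *p = '\0';
    return out;
}

/* Replace the first occurrence of key in tmpl with value; caller frees. */
char *substitute(const char *tmpl, const char *key, const char *value)
{
    const char *at = strstr(tmpl, key);
    char *out = malloc(strlen(tmpl) + strlen(value) + 1);
    if (!out) return NULL;
    if (!at) return strcpy(out, tmpl);
    sprintf(out, "%.*s%s%s", (int)(at - tmpl), tmpl, value, at + strlen(key));
    return out;
}

/* Hypothetical renderer: escape=0 is the injectable form, escape=1 the hardened one. */
char *render_sender(const char *nick, int escape)
{
    char *safe = escape ? html_escape(nick) : NULL;
    if (escape && !safe) return NULL; /* fail closed rather than emit raw input */
    char *html = substitute("<span class=\"sender\">%sender%</span>", "%sender%", safe ? safe : nick);
    free(safe);
    return html;
}

int main(void)
{
    char *raw = render_sender("<i>bob</i> & co", 0); /* constructed nickname */
    char *esc = render_sender("<i>bob</i> & co", 1);
    if (raw && esc) printf("unescaped: %s\nescaped:   %s\n", raw, esc);
    free(raw); free(esc);
    return 0;
}
```

With escaping off, the remote contact's markup reaches the WebKit view as live elements; with it on, the same nickname is displayed as literal text.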