[Bug 879301] Re: HTML injection in nicknames
This bug was fixed in the package empathy - 3.2.0.1-0ubuntu1.1 --- empathy (3.2.0.1-0ubuntu1.1) oneiric-security; urgency=low * SECURITY UPDATE: remote HTML injection (LP: #879301) - debian/patches/50_empathy-CVE-2011-3635-lp879301.patch: escape HTML in when displaying other users' names. (Thanks to upstream for patch.) - CVE-2011-3635, CVE-2011-4170 -- Steve Beattie sbeat...@ubuntu.com Mon, 24 Oct 2011 14:56:42 -0700 ** Changed in: empathy (Ubuntu) Status: In Progress = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-4170 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to empathy in Ubuntu. https://bugs.launchpad.net/bugs/879301 Title: HTML injection in nicknames To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/empathy/+bug/879301/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 879301] Re: HTML injection in nicknames
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-3635 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to empathy in Ubuntu. https://bugs.launchpad.net/bugs/879301 Title: HTML injection in nicknames To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/empathy/+bug/879301/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 879301] Re: HTML injection in nicknames
Also noting here that the commit http://git.gnome.org/browse/empathy/patch/?id=15a4eec2f156c4f60398a9d842279203f475ed89 is needed as well. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to empathy in Ubuntu. https://bugs.launchpad.net/bugs/879301 Title: HTML injection in nicknames To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/empathy/+bug/879301/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 879301] Re: HTML injection in nicknames
** Visibility changed to: Public ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to empathy in Ubuntu. https://bugs.launchpad.net/bugs/879301 Title: HTML injection in nicknames To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/empathy/+bug/879301/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 879301] Re: HTML injection in nicknames
Thanks for the report! Assigning the task to myself. ** Changed in: empathy (Ubuntu) Assignee: (unassigned) = Steve Beattie (sbeattie) ** Changed in: empathy (Ubuntu) Status: New = In Progress ** Changed in: empathy (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to empathy in Ubuntu. https://bugs.launchpad.net/bugs/879301 Title: HTML injection in nicknames To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/empathy/+bug/879301/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs