This bug was fixed in the package empathy - 3.2.0.1-0ubuntu1.1
---
empathy (3.2.0.1-0ubuntu1.1) oneiric-security; urgency=low
* SECURITY UPDATE: remote HTML injection (LP: #879301)
- debian/patches/50_empathy-CVE-2011-3635-lp879301.patch: escape
HTML in when displaying
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3635
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to empathy in Ubuntu.
https://bugs.launchpad.net/bugs/879301
Title:
HTML injection in nicknames
To manage
Also noting here that the commit
http://git.gnome.org/browse/empathy/patch/?id=15a4eec2f156c4f60398a9d842279203f475ed89
is needed as well.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to empathy in Ubuntu.
** Visibility changed to: Public
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to empathy in Ubuntu.
https://bugs.launchpad.net/bugs/879301
Title:
HTML injection in nicknames
To manage
Thanks for the report! Assigning the task to myself.
** Changed in: empathy (Ubuntu)
Assignee: (unassigned) = Steve Beattie (sbeattie)
** Changed in: empathy (Ubuntu)
Status: New = In Progress
** Changed in: empathy (Ubuntu)
Importance: Undecided = High
--
You received this bug
