[Telepathy] Announce: telepathy-gabble 0.16.5

Will Thompson will.thompson at collabora.co.uk
Mon Mar 4 04:26:56 PST 2013

The “In Actuality You Are A Gigantic, Bloodthirsty Grizzly Bear”
release. This fixes a remotely-triggered denial-of-service bug. You
should upgrade.

tarball: http://telepathy.freedesktop.org/releases/telepathy-gabble/telepathy-gabble-0.16.5.tar.gz
signature: http://telepathy.freedesktop.org/releases/telepathy-gabble/telepathy-gabble-0.16.5.tar.gz.asc
git: http://cgit.freedesktop.org/telepathy/telepathy-gabble


• fd.o#57521: don't crash when the server sends back malformed or error
  replies to privacy list queries. (wjt)

• fd.o#61433: don't crash on weirdly-shaped data forms in caps query
  replies. This issue is tracked as CVE-2013-1769. Unfortunately, this
  bug can be triggered by any XMPP user who knows your bare JID, not
  just by people you've authorized to see your presence. Fortunately, it
  is just a NULL pointer dereference, rather than allowing the attacker
  to do anything more nefarious like execute code. (wjt)


More information about the telepathy mailing list