[Telepathy] Announce: telepathy-gabble 0.17.3
Will Thompson
will.thompson at collabora.co.uk
Mon Mar 4 04:26:59 PST 2013
The “less resplendent backup ruffs” release. This includes the fixes
from telepathy-gabble 0.16.5, including fixing a remotely-triggered
denial-of-service bug. You should upgrade to this version if you are
already running the 0.17 development branch; you should upgrade to
0.16.5 if you want a stable release.
tarball: http://telepathy.freedesktop.org/releases/telepathy-gabble/telepathy-gabble-0.17.3.tar.gz
signature: http://telepathy.freedesktop.org/releases/telepathy-gabble/telepathy-gabble-0.17.3.tar.gz.asc
git: http://cgit.freedesktop.org/telepathy/telepathy-gabble
Fixes:
• fd.o#57521: don't crash when the server sends back malformed or error
replies to privacy list queries. (wjt)
• fd.o#61433: don't crash on weirdly-shaped data forms in caps query
replies. This issue is tracked as CVE-2013-1769. Unfortunately, this
bug can be triggered by any XMPP user who knows your bare JID, not
just by people you've authorized to see your presence. Fortunately, it
is just a NULL pointer dereference, rather than allowing the attacker
to do anything more nefarious like execute code. (wjt)
• fd.o#43166: handle rate-limiting by MUCs better, including disabling
typing notifications if we get rate-limited, and including the error
message from the server in the D-Bus signal so that the user interface
could, in principle, show it to the user. (wjt)
Enhancements:
• fd.o#58198: the Jingle protocol code now lives in Wocky. This should make no
functional difference to Gabble. (wjt)
Cheers,
--
Will