Bug 1007758 – VUL-0: CVE-2016-9107: gajim: OTR leaks cleartext when using XHTML

Bug 1007758 - (CVE-2016-9107) VUL-0: CVE-2016-9107: gajim: OTR leaks cleartext when using XHTML

(CVE-2016-9107)
Summary:	VUL-0: CVE-2016-9107: gajim: OTR leaks cleartext when using XHTML

Status:	RESOLVED INVALID

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 42.1
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Alexei Sorokin
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-10-31 13:01 UTC by Alexander Bergmann
Modified:	2017-01-18 16:22 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2016-10-31 13:01:24 UTC

rh#1390134

A cleartext leak vulnerability when using XHTML was found in gajim.

Upstream bug:

https://trac-plugins.gajim.org/ticket/145

Upstream patch:

https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1390134
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9107
http://seclists.org/oss-sec/2016/q4/283

Comment 1 Alexei Sorokin 2016-10-31 13:44:55 UTC

But the issue is in the OTR plugin which is not part of the Gajim main source tree.

Comment 2 Swamp Workflow Management 2016-10-31 23:01:57 UTC

bugbot adjusting priority

Comment 3 Alexei Sorokin 2017-01-18 16:22:28 UTC

I'll mark this as 'invalid' for it's a report for the code not packaged.