CVE-2011-3635
Published: 23 October 2011
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).
Notes
Author | Note |
---|---|
tyhicks | Per empathy BTS, the default "ubuntu" theme is affected |
sbeattie | see also CVE-2011-4170 for the second half of this issue |
Priority
Status
Package | Release | Status |
---|---|---|
empathy (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
empathy | lucid | Released (2.30.3-0ubuntu1.1) |
empathy | maverick | Released (2.32.1-0ubuntu1.2) |
empathy | natty | Released (2.34.0-0ubuntu3.2) |
empathy | oneiric | Released (3.2.0.1-0ubuntu1.1) |
empathy | upstream | Released (3.2.1.1-1) |

Patches: upstream: http://git.gnome.org/browse/empathy/commit/?id=739aca418457de752be13721218aaebc74bd9d36