CVE-2011-4170
Published: 23 October 2011
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
Notes
Author | Note |
---|---|
tyhicks | Per empathy BTS, the default "ubuntu" theme is affected |
Priority
Status
Package | Release | Status |
---|---|---|
empathy | hardy | Ignored (end of life) |
empathy | lucid | Released (2.30.3-0ubuntu1.1) |
empathy | maverick | Released (2.32.1-0ubuntu1.2) |
empathy | natty | Released (2.34.0-0ubuntu3.2) |
empathy | oneiric | Released (3.2.0.1-0ubuntu1.1) |
empathy | upstream | Released (3.2.1.1-1) |

Patches: upstream: http://git.gnome.org/browse/empathy/commit/?id=15a4eec2f156c4f60398a9d842279203f475ed89