Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1000 to the following vulnerability: jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1000 [2] http://www.openwall.com/lists/oss-security/2011/02/17/4 [3] http://www.openwall.com/lists/oss-security/2011/02/17/7 [4] https://bugs.freedesktop.org/show_bug.cgi?id=34048 [5] http://www.debian.org/security/2011/dsa-2169 [6] http://www.ubuntu.com/usn/USN-1067-1 [7] http://www.securityfocus.com/bid/46440 [8] http://secunia.com/advisories/43316 [9] http://secunia.com/advisories/43369 [10] http://secunia.com/advisories/43404 [11] http://www.vupen.com/english/advisories/2011/0412 [12] http://www.vupen.com/english/advisories/2011/0428
Created telepathy-gabble tracking bugs for this issue Affects: epel-6 [bug 678907]
This issue affects the version of the telepathy-gabble package, as shipped with Fedora release of 13. Please schedule an update. -- An update has been already scheduled for telepathy-gabble package, as present in Fedora release of 14. After the required testing, the updated package will be pushed to Fedora stable repository. -- This issue affects the version of the telepathy-gabble package, as present within EPEL-6 repository. Please schedule and update.
Created telepathy-gabble tracking bugs for this issue Affects: fedora-13 [bug 678908]
ARRAY(0x558ebd053d30)