CVE-2016-1037

Source
Severity High
Remote Yes
Type Information disclosure
Description
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
Group    Package  Affected  Fixed     Severity  Status  Ticket
AVG-284  gajim    0.16.7-1  0.16.8-1  High      Fixed
Date         Advisory      Group    Package  Severity  Description
05 Jun 2017  ASA-201706-4  AVG-284  gajim    High      information disclosure
References
https://dev.gajim.org/gajim/gajim/issues/8378
https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
Notes
Should be fixed in the upcoming release.