CVE-2016-1037 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Information disclosure
Description	Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-284	gajim	0.16.7-1	0.16.8-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
05 Jun 2017	ASA-201706-4	AVG-284	gajim	High	information disclosure

References
https://dev.gajim.org/gajim/gajim/issues/8378 https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc

Notes
Should be fixed in the upcoming release.