CVE-2011-3635

Publication date 23 October 2011

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
empathy 11.10 oneiric
Fixed 3.2.0.1-0ubuntu1.1
11.04 natty
Fixed 2.34.0-0ubuntu3.2
10.10 maverick
Fixed 2.32.1-0ubuntu1.2
10.04 LTS lucid
Fixed 2.30.3-0ubuntu1.1
8.04 LTS hardy Ignored end of life

Notes

tyhicks

Per empathy BTS, the default “ubuntu” theme is affected

sbeattie

see also CVE-2011-4170 for the second half of this issue

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
empathy

References

Related Ubuntu Security Notices (USN)

    • USN-1250-1
    • Empathy vulnerabilities
    • 28 October 2011

Other references