Candidate: CVE-2012-1410
PublicDate: 2012-02-29 11:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1410
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the History Window
 implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to
 inject arbitrary web script or HTML via a crafted (1) SMS message, (2)
 presence message, or (3) status description.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=797777
 https://bugzilla.novell.com/show_bug.cgi?id=749036
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_kadu:
 upstream: https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52
 upstream: https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84
 upstream: https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0
 upstream: https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6
upstream_kadu: not-affected (0.11.1-2)
hardy_kadu: not-affected
lucid_kadu: not-affected
maverick_kadu: not-affected (0.6.5.4.ds1-3ubuntu2)
natty_kadu: ignored (reached end-of-life)
oneiric_kadu: ignored (reached end-of-life)
precise_kadu: not-affected (0.11.1-2)
quantal_kadu: not-affected (0.11.1-2)
raring_kadu: not-affected (0.11.1-2)
devel_kadu: not-affected (0.11.1-2)