https://gultsch.de/posts/gajim-roster-push_and-message-interception/
Daniel Gultsch | Gajim Roster Push Attack / Message Interception
CVE-2015-8688: Gajim doesn’t verify the origin of roster pushes thus allowing third parties to modify the roster. Alice is using the latest version of Gajim...
roster push attackdaniel gultschgajimmessageinterception