File empathy-cve-2011-3635.patch of Package empathy.import5376

Index: empathy-2.32.2/libempathy-gtk/empathy-theme-adium.c
===================================================================
--- empathy-2.32.2.orig/libempathy-gtk/empathy-theme-adium.c
+++ empathy-2.32.2/libempathy-gtk/empathy-theme-adium.c
@@ -436,7 +436,7 @@ theme_adium_append_message (EmpathyChatV
 	EmpathyThemeAdiumPriv *priv = GET_PRIV (theme);
 	EmpathyContact        *sender;
 	TpAccount             *account;
-	gchar                 *body_escaped;
+	gchar                 *body_escaped, *name_escaped;
 	const gchar           *body;
 	const gchar           *name;
 	const gchar           *contact_id;
@@ -469,12 +469,13 @@ theme_adium_append_message (EmpathyChatV
 	body_escaped = theme_adium_parse_body (body);
 	name = empathy_contact_get_alias (sender);
 	contact_id = empathy_contact_get_id (sender);
+	name_escaped = g_markup_escape_text (name, -1);
 
 	/* If this is a /me, append an event */
 	if (empathy_message_get_tptype (msg) == TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) {
 		gchar *str;
 
-		str = g_strdup_printf ("%s %s", name, body_escaped);
+		str = g_strdup_printf ("%s %s", name_escaped, body_escaped);
 		theme_adium_append_event_escaped (view, str);
 
 		g_free (str);
@@ -600,7 +601,7 @@ theme_adium_append_message (EmpathyChatV
 
 	if (html != NULL) {
 		theme_adium_append_html (theme, func, html, len, body_escaped,
-					 avatar_filename, name, contact_id,
+					 avatar_filename, name_escaped, contact_id,
 					 service_name, message_classes->str,
 					 timestamp, is_backlog);
 	} else {
@@ -616,6 +617,7 @@ theme_adium_append_message (EmpathyChatV
 	priv->last_is_backlog = is_backlog;
 
 	g_free (body_escaped);
+	g_free (name_escaped);
 	g_string_free (message_classes, TRUE);
 }