[Secure-testing-team] Bug#845258: mcabber: remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 21 20:40:46 UTC 2016
Source: mcabber
Version: 0.10.2-1
Severity: important
Tags: security upstream fixed-upstream
Hi
See
https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033
This is identical to CVE-2015-8688 for gajim, but a separate CVE will
be issued. I will update the bug accordingly once issued.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list