Your message dated Mon, 25 Apr 2016 17:17:05 +0000
with message-id <[email protected]>
and subject line Bug#822113: Removed package(s) from unstable
has caused the Debian Bug report #699493,
regarding jabber-irc: / in channel names causes remote DoS vulnerability and 
probably spoofing attacks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
699493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699493
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: jabber-irc
Version: 0.4cvs20080505-1.1
Severity: important
Tags: upstream

When joining an IRC channel containing a slash (/), or, more precisely, upon 
receiving the first message from that channel, pyIRCt drops out and breaks 
the server connection because it receives an error from the Jabber server:

IOError: Disconnected from server.
Thu 31 Jan 2013 23:28:27 - CVS 1.133
Traceback (most recent call last):
  File "/usr/sbin/jabberd-irc", line 2579, in <module>
    connection.Process(1)
  File "/usr/lib/python2.7/dist-packages/xmpp/dispatcher.py", line 303, in dispatch
    handler['func'](session,stanza)
  File "/usr/lib/python2.7/dist-packages/xmpp/dispatcher.py", line 215, in streamErrorHandler
    raise exc((name,text))
InvalidFrom: (u'invalid-from', u'Component tried to send from address <##/dev/arandom%[email protected]/Natureshadow> which is not in domain <irc.naturalnet.de>')

This happens because / is the resource separator in a JID and it is not 
properly masked when converting IRC channel names to Jabber MUC room names.

Credits to mirabilos for devising such cool channel names ;)!

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686-bigmem (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh

Versions of packages jabber-irc depends on:
ii  adduser        3.113+nmu3
ii  lsb-base       4.1+Debian8
ii  python         2.7.3~rc2-1
ii  python-irclib  0.4.8-1
ii  python-xmpp    0.4.1-cvs20080505.2

jabber-irc recommends no packages.

Versions of packages jabber-irc suggests:
pn  jabber  <none>

-- Configuration Files:
/etc/default/jabber-irc changed:
ENABLED='1'

/etc/pyirct.conf.xml changed:
<?xml version="1.0" ?>
<pyirct>
    <!-- This file contains options to be configured by the server 
administrator. -->
    <!-- Please read through all the options in this file -->
    
    <!-- The JabberID of the transport -->
    <jid>irc.naturalnet.de</jid>
    <!-- The component JID of the transport. Unless you're doing clustering, 
leave this alone -->
    <!-- <compjid>irc1</compjid> -->
    <!-- The public IP or DNS name of the machine the transport is running on 
-->
    <!-- This is used to select the outgoing IP address used to connect to IRC 
networks -->
    <!--  otherwise known as the vanity address, it's safe to leave it 
commented -->
    <!--<host>vanity.host.example.net</host>-->
    <!-- The name of the transport in the service discovery list. -->
    <!-- <discoName>IRC Transport</discoName> -->
    <!-- The location of the spool file.. if relative, relative to the PyIRCt 
dir. -->
    <!-- Include the jid of the transport, if running multiple copies of the 
same transport -->
    <spoolFile>ircuser.dbm</spoolFile>
    <!-- The location of the PID file, relative to the PyIRCt directory -->
    <!-- Comment out if you do not want a PID file -->
    <pid>PyIRCt.pid</pid>
    <!-- The IP address or DNS name of the main Jabber server -->
    <mainServer>127.0.0.1</mainServer>
    <!-- The JID of the main Jabber server -->
    <mainServerJID>naturalnet.de</mainServerJID>
    <!-- The TCP port to connect to the Jabber server on (this is the default 
for Jabberd2) -->
    <port>5347</port>
    <!-- The authentication token to use when connecting to the Jabber server 
-->
    <secret></secret>
    <!-- SASL username used to bind to Jabber server. -->
    <!-- secret, above, is used for sasl password -->
    <!--<saslUsername>username-for-jabberd2-connection</saslUsername>-->
    <!-- Allow users to register with this transport -->
    <allowRegister/>
    <!-- Require users to be registered before allowing them to join a room -->
    <!-- <requireRegister/> -->
    <!-- Send activity messages to users (for clients that don't support MUC)  
-->
    <activityMessages/>
    <!-- Use external component binding. -->
    <!-- This dodges the need to manually configure all jids that talk to this 
transport. -->
    <!-- Jabberd2 requires saslUsername and useRouteWrap for this to work. -->
    <!-- Wildfire as of 2.6.0 requires just this. -->
    <!--<useComponentBinding/>-->
    <!-- Wrap stanzas in <route> stanza. -->
    <!-- Jabberd2 requires this for useComponentBinding. -->
    <!--<useRouteWrap/>-->
    <!-- You can choose which users you wish to have as administrators. These 
users can perform some tasks with Ad-Hoc commands that others cannot -->
    <!--<admins>
        <jid>[email protected]</jid>
        <jid>[email protected]</jid>
    </admins>-->
    <admins><jid>[email protected]</jid></admins>
    <!-- The file to log to. Leave this disabled for stdout only -->
    <debugFile>ircerror.log</debugFile>
    <!-- Show the raw data being sent and received from the xmpp and irc 
servers -->
    <!--<dumpProtocol/>-->
    <!-- The default charset to use for the transport, if not supplied by the 
user when registering -->
    <!-- <charset>utf-8</charset> -->
</pyirct>

-- no debconf information

--- End Message ---
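
Added example, not part of the original report and not pyIRCt code: it splits the room address the way an XMPP server does, showing why an unescaped / yields a sender outside the component's domain, and then escapes the local part with XEP-0106 (JID Escaping). Using XEP-0106 is an assumption made for this illustration, the channel%server layout is read off the address in the traceback, and irc.example.net is a constructed placeholder for the IRC server name.

```python
import re

# XEP-0106 escapes for characters that are not allowed in a JID local part.
ESCAPES = {' ': r'\20', '"': r'\22', '&': r'\26', "'": r'\27', '/': r'\2f',
           ':': r'\3a', '<': r'\3c', '>': r'\3e', '@': r'\40'}
# A literal backslash only needs escaping when it would read as an escape code.
AMBIGUOUS_BACKSLASH = re.compile(
    r'\\(?=%s)' % '|'.join([v[1:] for v in ESCAPES.values()] + ['5c']))

CHANNEL = '##/dev/arandom'          # channel name from the report
IRC_SERVER = 'irc.example.net'      # constructed placeholder
TRANSPORT = 'irc.naturalnet.de'     # component domain from the report


def split_jid(jid):
    """Split as a server does: resource after the first '/', local part before the first '@'."""
    bare, _, resource = jid.partition('/')
    if '@' in bare:
        local, _, domain = bare.partition('@')
    else:
        local, domain = None, bare
    return local, domain, resource or None


def escape_local(text):
    """Escape a string for use as a JID local part (XEP-0106)."""
    text = AMBIGUOUS_BACKSLASH.sub(lambda m: r'\5c', text)
    return ''.join(ESCAPES.get(ch, ch) for ch in text)


def room_jid(channel, irc_server, transport, escape=True):
    """Build channel%server@transport; escape=False reproduces the reported behaviour."""
    local = '%s%%%s' % (channel, irc_server)
    if escape:
        local = escape_local(local)
    return '%s@%s' % (local, transport)


def sender_in_domain(jid, transport):
    """The check the Jabber server applies to a component's from address."""
    return split_jid(jid)[1] == transport


if __name__ == '__main__':
    for escape in (False, True):
        jid = room_jid(CHANNEL, IRC_SERVER, TRANSPORT, escape) + '/Natureshadow'
        print(jid, split_jid(jid), sender_in_domain(jid, TRANSPORT))
```

Stanzas arriving from Jabber clients need the inverse mapping before the channel name is passed to IRC.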
--- Begin Message ---
Version: 0.4cvs20080505-1.1+rm

Dear submitter,

as the package jabber-irc has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/822113

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
