Package: mcabber Version: 0.9.7-0.1 Severity: important Tags: security
Mcabber uses an embedded and vulnerable version of the expat library for XML parsing. At a minimum, http://security-tracker.debian.org/tracker/CVE-2009-3720 is present from having a quick review of the relevant source. I have not investigated the impact of this vulnerability or how it would be triggered. I imagine the impact is quite low because the outstanding vulnerabilities in expat are denial of services. The desired outcome is that mcabber dynamically link against the system expat library instead of linking in the embedded copy.
