Your message dated Sun, 26 Feb 2017 18:04:05 +0000
with message-id <[email protected]>
and subject line Bug#854738: fixed in mcabber 1.0.4-1.1
has caused the Debian Bug report #854738,
regarding CVE-2017-5604
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
854738: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854738
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mcabber
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/373
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: mcabber
Source-Version: 1.0.4-1.1
We believe that the bug you reported is fixed in the latest version of
mcabber, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated mcabber package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 26 Feb 2017 18:42:08 +0100
Source: mcabber
Binary: mcabber
Architecture: source
Version: 1.0.4-1.1
Distribution: unstable
Urgency: medium
Maintainer: Franziska Lichtblau <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
mcabber - small Jabber (XMPP) console client
Closes: 854738
Changes:
mcabber (1.0.4-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2017-5604:
An incorrect implementation of XEP-0280: Message Carbons in mcabber allows
a remote attacker to impersonate any user, including contacts, in the
vulnerable application's display. This allows for various kinds of social
engineering attacks. (Closes: #854738)
Checksums-Sha1:
893b0335f5d8ff51992218ba3861a0b864fb9961 2131 mcabber_1.0.4-1.1.dsc
3ebe66f2ec5855644a8a6a502a5d3e8497dd7fa0 5400 mcabber_1.0.4-1.1.debian.tar.xz
0f9019e0a8187bc321d3c691b2184e9fea0a11ec 6543 mcabber_1.0.4-1.1_amd64.buildinfo
Checksums-Sha256:
a6581da14a2f622c4b43f98755208d7aab5fa9bf7276bc174af265dd21528749 2131
mcabber_1.0.4-1.1.dsc
6957ab85cd56014434366510e036bb4649164627c6912fdb5dc8db02f425f7a5 5400
mcabber_1.0.4-1.1.debian.tar.xz
0a8953726ebfb069f71d067e870323ccd4dc7208ae27c31af22a911316bc5324 6543
mcabber_1.0.4-1.1_amd64.buildinfo
Files:
58c764c11c16f334f797e6c88180d7bb 2131 net optional mcabber_1.0.4-1.1.dsc
c15c6c744156e4973b79ccf368136d77 5400 net optional
mcabber_1.0.4-1.1.debian.tar.xz
e813d2c91818cf300f07a611c536a255 6543 net optional
mcabber_1.0.4-1.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlizFYlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkA98P/iNcd8R4Nk6CyNOyq37tb1/gb3Zvd/yjYThG
Dk2rfsksf57LR1uMJ1ixuu5zl3xk9Kfcc5oBM2dUUuY5oZzgiq33x4rfRMpuNUqb
3SzP0P63fRcLptvXb0T0VaE/R7vbw58t4kFCr6bALXgOPLYG5JHQPPdQ1tzv9C3Y
ynLQ1vphkM5gHHTDzMxYhpRH3yFWpY5oqoOsA3pCa8NYL9U4216HWctyfubtjtMe
qoJkZlBdDwIk2wrGXpm7mEwWUrFNVRLt5qmQ+Jp2Q7QR1GuTuOIF7EpgpTAlZjQk
b/P2M4wzLrYNdFYM2aAYKpMe/vcnUkZSVN5vtoyBBHO4HCkDVQnxMwZwLjAdwm1f
HwQjBn4qIZzUOMmRWL8i1U4YxRT3W//UNoV+W6+2h7eLDjpVZ5UW2nP5ng4nt6uM
Yj4lJdeM8btFUib/PSjjnL1BJoeO1M2Rc+1iLHetuRcanuIUCUFBaL2FkMs524/9
QXNo8j/bSODMbY93Pb/j6gMwyUywbzvRcQyN6zM65CseTAW8N8okDyPHQLWo8xab
agEQTTb9Wx9YTAhGANrxo2IislXen2voJpsbhrn8bX/RBhiMOQSNZQeLy+6S06jk
lqErJDJNogcJgzoGVsevL2e90Ery9iwmK6O6tEONiJvLaBhmAzB1/BhKZo/PqV/c
l5Vb7nnc
=C5Gb
-----END PGP SIGNATURE-----
--- End Message ---
