Your message dated Sun, 26 Feb 2017 21:13:31 +0000
with message-id <[email protected]>
and subject line Bug#854740: fixed in slixmpp 1.2.2-1.1
has caused the Debian Bug report #854740,
regarding CVE-2017-5591
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
854740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854740
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: slixmpp
Severity: grave
Tags: security
Please see http://seclists.org/oss-sec/2017/q1/373
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: slixmpp
Source-Version: 1.2.2-1.1
We believe that the bug you reported is fixed in the latest version of
slixmpp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated slixmpp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 26 Feb 2017 20:31:13 +0100
Source: slixmpp
Binary: python3-slixmpp python3-slixmpp-lib python-slixmpp-doc
Architecture: source
Version: 1.2.2-1.1
Distribution: unstable
Urgency: medium
Maintainer: Tanguy Ortolo <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
python-slixmpp-doc - Threadless, event-based XMPP Python library
(documentation)
python3-slixmpp - Threadless, event-based XMPP Python 3 library
python3-slixmpp-lib - Threadless, event-based XMPP Python 3 library (optional
binary mo
Closes: 854740
Changes:
slixmpp (1.2.2-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2017-5591:
An incorrect implementation of XEP-0280: Message Carbons in slixmpp allows
a remote attacker to impersonate any user, including contacts, in the
vulnerable application's display. This allows for various kinds of social
engineering attacks. (Closes: #854740)
Checksums-Sha1:
46b3e2f43e47932490b3f1a00b03a88dc540fe80 2252 slixmpp_1.2.2-1.1.dsc
6dafb322b6815acac3e0d95b9a4988908c6d7aed 8452 slixmpp_1.2.2-1.1.debian.tar.xz
b8e9f3a121fae2278e93bfe0df4db3157ee77ebb 6942 slixmpp_1.2.2-1.1_amd64.buildinfo
Checksums-Sha256:
9c111c793ebac871e8591bca087aad16f3d60e372f0bfe5dc2bc0c5f1a134e16 2252
slixmpp_1.2.2-1.1.dsc
1c3c0bf4ed0772df23dabcba00e61fc50871ba64cf25372fc7aa59d9582c02a9 8452
slixmpp_1.2.2-1.1.debian.tar.xz
50d2e0ff43742f677d773e7a4d899e8db73b74b665e8ed5fbe1ab637d4844588 6942
slixmpp_1.2.2-1.1_amd64.buildinfo
Files:
cedb1677faf8d2cca88e79f4a2db7029 2252 python optional slixmpp_1.2.2-1.1.dsc
a3cc21b7eab8436d0699b1c7cafca776 8452 python optional
slixmpp_1.2.2-1.1.debian.tar.xz
ed65e3223d6c7d36832ee779c163a668 6942 python optional
slixmpp_1.2.2-1.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlizMMFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkbqMP/3MjcdbCmht4c8/acYslXzAVyEygGbTiUpyW
QngqTVaHxWoogsGLMMeMqJVJjVEukL/9liIVBxRaGByGKwIMqbLM9jNG6+zuva7k
ergCoSvcksnsBrA9St5ovKPax2UBGxb1JDD4wUq0/JkhRHPvS6D2qT4rn0JU25Jz
m/30NsommR4VEQJW7YvBHwxFRkPBflJE4F58vwrrYQoBQgdSH1f5LQhg7/2CRMri
XwBaNEDkjqhBQObOySr69/MDKq3EonzXYxU/TI4PhxPGCHSmXIZSoIWkQ0E4zlNC
pHuM4AjksP8Glbs7YP+AX26xFV6C1ikR2nNWnXIpeb5Ic/kM0dg1HPh2qfFJMAyx
xYjBqkGP8BQGN9FugWghmx2sbuBz5kn3LxRSF/T2pZHL0IV9cRC6ekRZz9NoNKj8
ODQjFsl1Y9fPM1KObsouxXKp3NFZtuTRdLGBEm1oI0T4xMEggiQc/cBDAYu9a4OC
MC21YRGh30hiPG17cDSoHmDn4L4rvsUIYGfU5nhZk/eEYKy3RMzy51O3rcM/0s0G
OuGKqU7pDcffJ8aJCDoNr9aDpVEL9XTWlvqhb3hNUJKEb0NNJBjQp/H4+tNnA2Pz
otBAEn/I5AlCDUiZOw19xM47wcfXGBYkIDmRYhTwdtlyFyzXqxU1tLzRrZDw7rX2
yv5Sm5UI
=0OGy
-----END PGP SIGNATURE-----
--- End Message ---
