Bug#854688: bitlbee: The versions in stable/testing are vulnerable to CVE-2016-10189 and CVE-2016-10188

2017-05-11 Thread Moritz Mühlenhoff
On Thu, May 11, 2017 at 05:20:55PM +0300, Adrian Bunk wrote:
> On Thu, Feb 09, 2017 at 11:38:29AM -0300, dequis wrote:
> > Package: bitlbee
> > Version: 3.4.2-1.1
> > Severity: grave
> > Tags: upstream security patch fixed-upstream
> >
> > Hi,
> >
> > I'm opening this bug since #853282, which

Bug#854688: bitlbee: The versions in stable/testing are vulnerable to CVE-2016-10189 and CVE-2016-10188

2017-05-11 Thread Adrian Bunk
On Thu, Feb 09, 2017 at 11:38:29AM -0300, dequis wrote:
> Package: bitlbee
> Version: 3.4.2-1.1
> Severity: grave
> Tags: upstream security patch fixed-upstream
>
> Hi,
>
> I'm opening this bug since #853282, which was just fixed by the
> 3.5.1-1 upload, seems to apply to sid only.
>
>

Bug#854688: bitlbee: The versions in stable/testing are vulnerable to CVE-2016-10189 and CVE-2016-10188

2017-02-09 Thread dequis
Package: bitlbee
Version: 3.4.2-1.1
Severity: grave
Tags: upstream security patch fixed-upstream

Hi,

I'm opening this bug since #853282, which was just fixed by the 3.5.1-1 upload, seems to apply to sid only.

CVE-2016-10188 is "bitlbee-libpurple: Use after free when expiring file transfer