Thanks for the report Ilya; however, this looks like a new feature rather than a security fix. (And, in fact, I think it is not yet finished, since it would allow / suggest / encourage a Flash-based xmpp client to handle data from _any_ server running on the specified port regardless of address.)
Because this is a new feature, this needs to go through the Stable Release Updates process: https://wiki.ubuntu.com/StableReleaseUpdates Thank you ** Information type changed from Private Security to Public Security ** Changed in: ejabberd (Ubuntu) Status: New => Incomplete ** Changed in: ejabberd (Ubuntu) Assignee: (unassigned) => Ilya Evseev (ilya-evseev-gmail) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1252282 Title: EJAB-960 vulnerability patch is unapplied To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ejabberd/+bug/1252282/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
