Debian Security Advisory

DLA-724-1 mcabber -- LTS security update

Date Reported:
27 Nov 2016
Affected Packages:
mcabber
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 845258.
More information:

It was discovered that there was a roster push attack [0] in mcabber, a console-based Jabber (XMPP) client.

For Debian 7 Wheezy, this issue has been fixed in mcabber version 0.10.1-3+deb7u1.

We recommend that you upgrade your mcabber packages.

[0] https://gultsch.de/gajim_roster_push_and_message_interception.html