[SECURITY] [DLA 724-1] mcabber security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 724-1] mcabber security update
From: Chris Lamb <lamby@debian.org>
Date: Sun, 27 Nov 2016 11:13:12 +0100
Message-id: <[🔎] 1480241592.1711392.800165089.2C944179@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mcabber
Version        : 0.10.1-3+deb7u1
Debian Bug     : 845258

It was discovered that there was a "roster push attack" [0] in mcabber, a
console-based Jabber (XMPP) client.

For Debian 7 "Wheezy", this issue has been fixed in mcabber version
0.10.1-3+deb7u1.

We recommend that you upgrade your mcabber packages.

  [0] https://gultsch.de/gajim_roster_push_and_message_interception.html


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlg6saUACgkQHpU+J9Qx
HljsgxAAv09RpM279VdhDczggkjLnckhbIndLE4yMIM0GmfnSVhICyrZ/JSpsrx4
uMuCYOJXGpxcQ/ZED7pVtl6CgDhDxuYGUKVrqyOHVEWk+O6OnIxu53UyT4epQbzu
I9dY8JoToT4t24KMys4kdC3CmmLzNq9XVv9feSJ/jpuFWSHvQXFvryxlLMbybuy6
gm3bneX8iIiz7D6vl6CltIuJbCLUOhbxRgrkEuup2xLdQLT+dY//NPZAJ69LqsVK
iMLtI81dtMCq2KM9+mKsBg3aUs+5Hz1z8Ml17kcNwfRhW8Ar+Brh8koutj8rWebw
PW/PneMIlikzreozUqaWMVeW7kQOdCYLR/ssGhVoOXCDClah4KFCwNGUg7DHw6oi
Z8YOvSy5WB/v2kgmlXwO136gCLiaoMw6Gu4IJ8WW7Lr9sZi194K8hGNZgh+Q17kj
PCl8XVvQ9u00qXJQTfUTt6Nkz1cbLQSG5kfpfgxnT3anJEMJki/spkk6PL6aCy3n
d7Z55htq3/44Eie4iWMSDFReOixZUBFQ1QaqqgmJhCQPoTPz6c4VJIsTrMAs5jP5
nks6BDKL5BybaAzmi2aTbOuFt/46Mp5SL5iqpMhgkSKZSKYP7iaoPFbBsCoMMyvN
cnaoQvhVLdS2NHjm8bJdMmVsruKKtB72zH7NoYNnyOb623nvhi4=
=mVwu
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 723-1] libsoap-lite-perl security update
Next by Date: [SECURITY] [DLA 725-1] tzdata new upstream version
Previous by thread: [SECURITY] [DLA 723-1] libsoap-lite-perl security update
Next by thread: [SECURITY] [DLA 725-1] tzdata new upstream version
Index(es):
- Date
- Thread