Debian Security Advisory
DLA-832-1 bitlbee -- LTS security update
- Date Reported:
- 23 Feb 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-10188, CVE-2016-10189, CVE-2017-5668.
- More information:
Fix for incomplete fix for
Null pointer dereference with file transfer request from unknown contacts. (Though this package wasn't in Wheezy with this issue, I mention it here. The fix was done with the second patch for CVE-2016-10189)
Null pointer dereference with file transfer request from unknown contacts.
deactivate any incoming file transfer for bitlbee This affects any libpurple protocol when used through BitlBee. It does not affect other libpurple-based clients such as pidgin.
For Debian 7
Wheezy, these issues have been fixed in bitlbee version 3.0.5-1.2+deb7u1