[SECURITY] [DLA 832-1] bitlbee security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 832-1] bitlbee security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 20 Feb 2017 22:11:42 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1702202207350.22449@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bitlbee
Version        : 3.0.5-1.2+deb7u1
CVE ID         : CVE-2016-10188 CVE-2016-10189 CVE-2017-5668


CVE-2017-5668
     Fix for incomplete fix for "Null pointer dereference with file
     transfer request from unknown contacts".
     (Though this package wasn't in Wheezy with this issue, I
      mention it here.
      The fix was done with the second patch for CVE-2016-10189)

CVE-2016-10189
     Null pointer dereference with file transfer request from unknown
     contacts.

CVE-2016-10188
     deactivate any incoming file transfer for bitlbee
     This affects any libpurple protocol when used through BitlBee. It
     does not affect other libpurple-based clients such as pidgin.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJYq1uOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHDjUQAIUb/mkr6UBsXGpvX63UBy3n
7rA4QOkxhtwEAWBhWSNyaZtlLl1q0FzQfZqaLQaHtrcU15s3WE+yAN7RTZEPf8X+
0bSfHlni4lMUQ/1jN1hrWPNJAOXfPNg+m1FF8oEPgnU1UbYVSpms4Rx+xsrkW7JL
gNX8zRj0XmnxvBYxNS+O5qt3wLaZsok1GlZeDAFlrurpTuWBBItejgJSpWwHGZ5h
Nm5gUZHMwJhH1T489RpAj+/Cvyzix3D5RWnUlC4iLZxGucYjjkMaCaV6LsPwSMsM
72YM3zmrmGtCCjBxTWk4RLrP5p8pUsTnWJn7F1luxcwYdYy61tqHoBt/QibNj51z
zJj5NL6FNQgnxWgoTN/C6HJjTs7TEIbDlJJ+2c6xH4CdmELuSIWs5FoTKEtwavAM
q3W5+GO4ecTTE2A1rjtNqonuCbP0F0USc4kcJ8MAsjhkaUf0J1BYAQONDAZWT3SC
L6jf5V9EPGu2t5Tcklt8I6QMCn3BMU+kkVxccL/jbtIWPoUZEQ0gt72JRTRlI71c
FqoRCnqRPfhqvGwaK53Do26vrCfs0Ovm5+r0XrM7GMzXEwmhNP4QUJeSuwiTXdly
kC6yp33lSv4XQmchf53NeAbLzmYKQk0tC18m5JBXSN/GxU4zepZpaUguCD9EdNqK
96AEUfXSGNGPr4dK4Ais
=Djjm
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 823-2] tomcat7 regression update
Next by Date: [SECURITY] [DLA 834-1] phpmyadmin security update
Previous by thread: [SECURITY] [DLA 823-2] tomcat7 regression update
Next by thread: [SECURITY] [DLA 834-1] phpmyadmin security update
Index(es):
- Date
- Thread