[SECURITY] [DLA 2260-1] mcabber security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2260-1] mcabber security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 28 Jun 2020 17:02:39 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.20.2006281700470.28289@jupiter.server.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : mcabber
Version        : 0.10.2-1+deb8u1
CVE ID         : CVE-2016-9928

It was discovered that there was a "roster push attack" in mcabber, aconsole-based Jabber (XMPP) client. This is identical to CVE-2015-8688

for gajim.


For Debian 8 "Jessie", this problem has been fixed in version
0.10.2-1+deb8u1.

We recommend that you upgrade your mcabber packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl74sQ9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEefNA/+MDJXZUS20VwiLQmjeM4PCJpCE39pM8XQZ3/wguHsMX3zdGSvhW5IQ/pj
NRXfbfz3CdXt5Tvx2qCMdaLtuoAOuwjD+79lNb/5nb+XmtZtvnIeZzDUazmf9zln
YLz+dZxBuk61HSqJi7bV7vul4pNBWraz2rgTGHvUjz72AUvY9FqYGexLy76oRpgr
0i4/+F7xLwZ+NlpPnCM1804D13m4EWDs8Zcw3Hq6Gide5ZNJrRmnqVBCJ6KiwT6o
4lnVJVlCwMQYbb5nn7HljN+fp0BoLJuNmKEblI9GhlNkcvDmRoq733YP1ulW9Lke
ilFIcXIlBECc8cjQBcvGCEs77bjiLEYVIi9e9sLZ+i/yKze9vIN0bLuEVV0IYMZ9
VouiaA3EzWRtuWb59VyTK0997Da0dZwzSNoSMFw190IxSqUVZWMGof6ASVDvGYdY
iwcX31YBU5PEIk66LNneSd/ohIxZY4ihqi7c+hK7KobJVMW0csKAF8eIQ+ppqpod
qUoY82n4wbyyZ8miqTuo98jP0IUtbkUr1oUJuDiK9CmCoeHpibcl1Xrx87ksXJtx
VUdlYYrcqnLMklT8Dk6eInEnwGZ5zI5vIOxxVnwgrTZYzWHLLTsFUOduCSaD1c7P
bOSxgwcVClGZv5FFXUCZcI1PqvWd19xiplaoeHbTaF8rJbWSCpU=
=h2ko
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2259-1] picocom security update
Next by Date: [SECURITY] [DLA 2262-1] qemu security update
Previous by thread: [SECURITY] [DLA 2259-1] picocom security update
Next by thread: [SECURITY] [DLA 2262-1] qemu security update
Index(es):
- Date
- Thread