Package: jabber
Version: 1.4.3-3
Severity: grave
Tags: security sid sarge

I can only guess that our version is vulnerable as well. If not, please close this bug report. If you've included a fix, please add the CVE id to the proper changelog item.
======================================================
Candidate: CAN-2004-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1378
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050119
Category: SF
Reference: BUGTRAQ:20040920 Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109583829122679&w=2
Reference: MLIST:20040919 [jabberd] Jabberd 1.4 critical bug
Reference: URL:http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
Reference: CONFIRM:http://devel.amessage.info/jabberd14/
Reference: CONFIRM:http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html
Reference: GENTOO:GLSA-200409-31
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml
Reference: BID:11231
Reference: URL:http://www.securityfocus.com/bid/11231
Reference: XF:jabberd-xml-dos(17466)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17466

The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.

Regards,

	Joey

-- 
Ten years and still binary compatible. -- XFree86

Please always Cc to me when replying to me on the lists.
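The CVE text above describes the failure mode (a malformed packet on an XML-accepting socket crashing the whole daemon) without giving the packet itself. The following is an added illustration, not code from jabberd, jadc2s, or this bug report: it models a server that runs one incremental expat parser per client connection (via Python's `xml.parsers.expat` binding to the same parser library) and treats a parse error as a reason to drop that one connection rather than as a fatal condition for the process. The class and function names and the sample packets are constructed for the example and are not the advisory's trigger.

```python
import xml.parsers.expat as expat

# Constructed sample traffic: one entry per client connection, each a list of
# packets in the order they would arrive on the socket.  These values are made
# up for the example; the actual packet from the advisory is not reproduced here.
SAMPLE_CONNECTIONS = {
    "good": [
        b"<stream:stream xmlns:stream='http://etherx.jabber.org/streams'>",
        b"<message to='a@example.org'><body>hi</body></message>",
    ],
    "mismatched": [b"<stream><message></stream>"],  # closing tag does not match
    "garbage": [b"<<bogus"],                         # '<' followed by an invalid token
    "truncated": [b"<stream><message"],              # incomplete, but not malformed yet
}


class XmlConnection:
    """Per-connection incremental XML parser (hypothetical model of a c2s socket).

    One expat parser per socket; a parse error marks only this connection as
    closed and is never allowed to propagate up into the accept loop.
    """

    def __init__(self, name):
        self.name = name
        self.parser = expat.ParserCreate()
        self.parser.StartElementHandler = self._on_start
        self.elements = []   # element names seen so far, in document order
        self.error = None    # set to the expat message once the stream is dead

    def _on_start(self, tag, attrs):
        self.elements.append(tag)

    def feed(self, packet):
        """Feed one packet. Returns True if it parsed, False if the connection is closed."""
        if self.error is not None:
            return False          # an expat parser cannot be resumed after an error
        try:
            self.parser.Parse(packet, False)   # isfinal=False: more data may follow
            return True
        except expat.ExpatError as exc:
            # Malformed input from one peer: record it and close this stream only.
            self.error = str(exc)
            return False


def serve(connections):
    """Simulated accept loop over the constructed traffic.

    Every connection is parsed in turn; a malformed packet closes that
    connection, and the loop continues with the next one.  Returns a
    per-connection summary so the outcome can be inspected.
    """
    results = {}
    for name, packets in connections.items():
        conn = XmlConnection(name)
        for pkt in packets:
            if not conn.feed(pkt):
                break
        results[name] = {"elements": conn.elements, "error": conn.error}
    return results


if __name__ == "__main__":
    for name, outcome in serve(SAMPLE_CONNECTIONS).items():
        state = "closed: " + outcome["error"] if outcome["error"] else "open"
        print(f"{name:11s} elements={outcome['elements']} {state}")
```

The point is the boundary: a parser error is per-connection state, so "mismatched" and "garbage" are closed with a recorded reason while "good" and the still-incomplete "truncated" stream stay open and the process itself is never taken down by one peer's input.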