Your message dated Tue, 09 Feb 2010 22:47:54 +0000
with message-id <e1neys6-0002k4...@ries.debian.org>
and subject line Bug#568383: fixed in ejabberd 2.1.2-2
has caused the Debian Bug report #568383,
regarding ejabberd: CVE-2010-0305 remote denial of service via too many client2server messages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
568383: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568383
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ejabberd
Severity: grave
Tags: patch security

A remotely exploitable denial of service vulnerability has been found in ejabberd
which allows an attacker to crash it because of a message queue overload when
sending too many client2server messages to the server (e.g. via a rogue client).

Patches are available at:
https://support.process-one.net/browse/EJAB-1173;jsessionid=CC9A1D875A20197DD4571444DA8C1EFB?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

CVE-2010-0305 has been assigned to this issue. Please mention this CVE id in the
changelog when fixing this bug.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: ejabberd
Source-Version: 2.1.2-2

We believe that the bug you reported is fixed in the latest version of
ejabberd, which is due to be installed in the Debian FTP archive:

ejabberd_2.1.2-2.diff.gz
  to main/e/ejabberd/ejabberd_2.1.2-2.diff.gz
ejabberd_2.1.2-2.dsc
  to main/e/ejabberd/ejabberd_2.1.2-2.dsc
ejabberd_2.1.2-2_powerpc.deb
  to main/e/ejabberd/ejabberd_2.1.2-2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 568...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Konstantin Khomoutov <flatw...@users.sourceforge.net> (supplier of updated ejabberd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 04 Feb 2010 03:38:02 +0300
Source: ejabberd
Binary: ejabberd
Architecture: source powerpc
Version: 2.1.2-2
Distribution: unstable
Urgency: high
Maintainer: Torsten Werner <twer...@debian.org>
Changed-By: Konstantin Khomoutov <flatw...@users.sourceforge.net>
Description: 
 ejabberd   - distributed, fault-tolerant Jabber/XMPP server written in Erlang
Closes: 568383
Changes: 
 ejabberd (2.1.2-2) unstable; urgency=high
 .
   * Integrate upstream patches for EJAB-1173,
     fixing CVE-2010-0305 (closes: #568383).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktx4+IACgkQELuA/Ba9d8Z2qwCgzJc2uQqvkxOGy92fS2y/DZHp
Z9QAnR1n4Dzr8JBsDEVEfN4xjk/Z91/I
=G6aZ
-----END PGP SIGNATURE-----



--- End Message ---