Your message dated Thu, 22 Dec 2016 21:11:05 +0000
with message-id <e1ckadl-000b4m...@fasolo.debian.org>
and subject line Bug#845258: fixed in mcabber 0.10.2-1.1
has caused the Debian Bug report #845258,
regarding mcabber: CVE-2016-9928: remote attacker can modify the roster and
intercept messages via a crafted roster-push IQ stanza
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
845258: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mcabber
Version: 0.10.2-1
Severity: important
Tags: security upstream fixed-upstream
Hi
See
https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033
This is identical to CVE-2015-8688 for gajim, but a separate CVE will
be issued. I will update the bug accordingly once issued.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mcabber
Source-Version: 0.10.2-1.1
We believe that the bug you reported is fixed in the latest version of
mcabber, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 845...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hofstaedtler <z...@debian.org> (supplier of updated mcabber package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 22 Dec 2016 20:22:46 +0000
Source: mcabber
Binary: mcabber
Architecture: source
Version: 0.10.2-1.1
Distribution: unstable
Urgency: medium
Maintainer: Franziska Lichtblau <rhal...@old-forest.org>
Changed-By: Christian Hofstaedtler <z...@debian.org>
Description:
mcabber - small Jabber (XMPP) console client
Closes: 845258
Changes:
mcabber (0.10.2-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply patch to fix CVE-2016-9928. (Closes: #845258)
Checksums-Sha1:
0d39d7ee4be4e8fd1309efa4517f535bb7bb7694 2011 mcabber_0.10.2-1.1.dsc
2b0c2ef7ae87fa20c77c7e07ed57cccc5bc80ab6 11548 mcabber_0.10.2-1.1.debian.tar.xz
Checksums-Sha256:
743fbdc6ad1cf4866a85ade537fec8900f008b1b368256bcc90a363516cd4a04 2011
mcabber_0.10.2-1.1.dsc
d1eb5ace54586ec2f154c6fcc624ee9b3a5871e8609ae3c5802d52e2f2de4dc4 11548
mcabber_0.10.2-1.1.debian.tar.xz
Files:
4b7c881e2034e477fe745fb3c1423cd2 2011 net optional mcabber_0.10.2-1.1.dsc
afd51c6d8d695d44fdebd29504debc05 11548 net optional
mcabber_0.10.2-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAlhcN3EACgkQXBPW25MF
LgNgdQ/9EDDjOIiqEEsUMn/SJ7d5h2C/pmltks0PrfuC8wLbnmeOux7ZqrsctQ5A
mrMEoVi+DBAzb547iPzy+NzjPe27M0QaIAd3YFsyqr/2ksPLLx5mP01osHqe1Yka
Y9iRPVR5WN6mWO8+3DdOz6Pjd6fsCUc1UopfaOc1B73W6Peh3OZ/5Baad713HZSC
+ILNEDuZ5ajok6UJVczw6+tzFz59w/L/Ux8g38nV3UzHWoI9yMq1cSUyHZeD+jWq
UxVLqyB+nwktvug6NTmm21sJ6cft8sSYhyJeTOYR/qVR+X7Dg0mNcS7fOZdcU5yl
0W3zU3NfG3YRUcPNCnEskFKQz+kuPFlGdPT8ZkXqI7cfl3lEPrFOwqCFQ2sWPlfQ
SUNaO61LO8YNFfBjRscLkc6aPZPcbSayytofYnkk//rE1zvTk6GtXeU6KDoxKHme
hdsc/0CzF1kh59f08Oj5oCAFmupnnVGlBMIsullTpay8avD1H7Pw16rHMML1Uh8F
9mRC7mFZ+KDLBVfTBP7Pd2oyEpNIz8O8OLj2U7ZZUUGnMIboWwcFG96Q+sJf4q+b
oo2jLc7jPtxY3nbWAgKC+VqbI18gdz+H851OIumYutwyafh1aUb1Zv4rhFp0XH+M
XUwjm6apsnO2n21NIQQmDq4x/9Ax0g6MnrEej5nq/YAzsMKuYzI=
=RmcJ
-----END PGP SIGNATURE-----
--- End Message ---
