Bug#845258: marked as done (mcabber: CVE-2016-9928: remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza)

[Debian Bug Tracking System]

Your message dated Fri, 23 Dec 2016 21:50:04 +0000
with message-id <e1ckxj2-0000sx...@fasolo.debian.org>
and subject line Bug#845258: fixed in mcabber 1.0.4-1
has caused the Debian Bug report #845258,
regarding mcabber: CVE-2016-9928: remote attacker can modify the roster and 
intercept messages via a crafted roster-push IQ stanza
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
845258: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: mcabber
Version: 0.10.2-1
Severity: important
Tags: security upstream fixed-upstream

Hi

See
https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033

This is identical to  CVE-2015-8688 for gajim, but a separate CVE will
be issued. I will update the bug accordingly once issued.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: mcabber
Source-Version: 1.0.4-1

We believe that the bug you reported is fixed in the latest version of
mcabber, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 845...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Franziska Lichtblau <rhal...@old-forest.org> (supplier of updated mcabber 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 20 Dec 2016 13:50:12 +0100
Source: mcabber
Binary: mcabber
Architecture: source amd64
Version: 1.0.4-1
Distribution: unstable
Urgency: medium
Maintainer: Franziska Lichtblau <rhal...@old-forest.org>
Changed-By: Franziska Lichtblau <rhal...@old-forest.org>
Description:
 mcabber    - small Jabber (XMPP) console client
Closes: 845258
Changes:
 mcabber (1.0.4-1) unstable; urgency=medium
 .
   * New upstream version which fixes roster push attacks (CVE-2016-9928,
     closes: #845258)
Checksums-Sha1:
 7fcd68875c11ab49b1b3a0a01cc565aec5958e90 1958 mcabber_1.0.4-1.dsc
 bfb2217a722d5893f585699d137884814991d935 605462 mcabber_1.0.4.orig.tar.bz2
 993aa737f0a2a45224a001163777e4fb381a3c14 4728 mcabber_1.0.4-1.debian.tar.xz
 968c052e00e8ecf404a2ce3799c76e6a9a82405c 396398 
mcabber-dbgsym_1.0.4-1_amd64.deb
 ea5d00c807defa2a3f359ce195644428f6c85566 6804 mcabber_1.0.4-1_amd64.buildinfo
 e045b75a7c7128a058e48152744b90654851d6a3 267934 mcabber_1.0.4-1_amd64.deb
Checksums-Sha256:
 0c2639b9a7900bdfd1b9e8aefea7333f887b67a6259976bb2d61bf817e7ec219 1958 
mcabber_1.0.4-1.dsc
 63b6bc003fcceba4dc4b273ed1c71643c4f8d95e8696543d53f64a7672b1ce0a 605462 
mcabber_1.0.4.orig.tar.bz2
 a42c8dafc9a03af2b57e43453167b7b4c61a6147d63f56b32fd814ce332f2af8 4728 
mcabber_1.0.4-1.debian.tar.xz
 73c982eb21f2efcd8c25ce5b0c994bf7653c49517b96098c6b3896fdb08b0497 396398 
mcabber-dbgsym_1.0.4-1_amd64.deb
 2c2338ab7bcaa782ef8d3f6daffc9a6fd395f54ca268c57de7e99a9778c3482c 6804 
mcabber_1.0.4-1_amd64.buildinfo
 2164fc6fd441f3c688e181d4656ce6e89e6bff7f78e99b96dc17f9adfde3f92a 267934 
mcabber_1.0.4-1_amd64.deb
Files:
 6c5d53642277a71fb62bae04c3cc9f0e 1958 net optional mcabber_1.0.4-1.dsc
 81ffa7866458b4853f4f155f09f05fb3 605462 net optional mcabber_1.0.4.orig.tar.bz2
 4b301f6ed3034a833231a15932039921 4728 net optional 
mcabber_1.0.4-1.debian.tar.xz
 b9da98a4a0cb9bb53bdbef078a258221 396398 debug extra 
mcabber-dbgsym_1.0.4-1_amd64.deb
 b22755739a86cc56b9db83bb6ac4bb9a 6804 net optional 
mcabber_1.0.4-1_amd64.buildinfo
 2c194cb7a32f823c8e62970966554c76 267934 net optional mcabber_1.0.4-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYXZYRAAoJEN7oBD7hfrswHSUQAIUmlG+R6CxTaZVLjQIWGTgW
xLadWjTDNWZJga5J7Gi06mVTvl1/nRvLASUDnc9mOY/28NB9QbcWEwn5jtBDMsx9
edB+yMpEpftixOlRr8j90PKKiVNUL4nHsVPMnmBFDCsiyeeUxU84t7bF3xpsynOF
8HFt8sw3l/GaVQ4jAmqqIcbFYl2OhnZbY/ZPxdudeXl4Zef76cFUddKjOCdN4L5m
CSP7BiYcDaqN/VtCFR+d0OiSHAOuzKa+5skEroiEuvAllSJaFQ4VcwyXZF/NSsHR
7aGeSrjAF5cXiv2bGoLMEDqdVia3gjKGVkzwN7wKeQvLGLvWOMUe9bFfY6g6d4Za
iIossz6O10fKmD7ELndVheQlGGmS3UvAxmDWo8y81rKwyDEeXpuQWsnQF+jdHjk7
0mSOibhajSfPu1V89Mpwd0p/ri+iGoFsjC+37rrgwlLb9CAwBYWWDW/QUhww4m7l
ltzpbiT+CrXmV7GdE28eNeXFyYvmEu//xDuYUkVUKH3PQqmdgqp7OqJbg4McmXPB
yrhRH+LMoc8+lGOLCfHgLhP3CD6NwAoYZULX1my0wbECqp9Z0ivi5EVoqZdn11mT
UjzTEyKCuU2IRMRdLoNzlTMXHln5U3StPe0Qu6u/6aY2qwQBZdY1hPN0F3T0MWzQ
LcvBpOAyA8KB/f2BIJX+
=fBdB
-----END PGP SIGNATURE-----

--- End Message ---