Package: jabberd2-ldap-bdb Version: 2.0s10-1 Severity: grave Tags: security Justification: user security hole
http://article.gmane.org/gmane.network.jabber.admin/27372 from the post: =============== This is a jabberd2s11 security release. This release fixes a problem where sending a <response> stanza before an <auth> stanza during a SASL negotiation can cause a c2s segfault. No other changes were made to the source from the s10 release. Downloads are available here: http://jabberstudio.org/projects/jabberd2/releases/ md5sum:67d1663ed97a5ba707d5d145b1d19c55 Bug reports and feature requests should be submitted using the tools on http://j2.openaether.org/. General support requests should go to jadmin <at> jabber.org. Anything else should be sent to jabberd <at> jabberstudio.org. Thanks to: Jeremy Lunn Stepehn Marquard [/snip] ====== -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (1000, 'unstable'), (998, 'experimental') Architecture: powerpc (ppc) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.15.5-pylon.1 Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Versions of packages jabberd2-ldap-bdb depends on: ii jabber-common 0.4 Jabber server and transport (commo ii libc6 2.3.6-3 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-24 Berkeley v4.2 Database Libraries [ ii libidn11 0.5.18-2 GNU libidn library, implementation ii libldap-2.3 [libldap2] 2.3.7-0.3 OpenLDAP libraries ii libldap-2.3-0 [libldap2] 2.3.20-1.1 OpenLDAP libraries ii libldap2 2.2.20-0.1 OpenLDAP libraries ii libldap2.3-0 [libldap2] 2.3.19-0.1 OpenLDAP libraries ii libpam0g 0.79-3.1 Pluggable Authentication Modules l ii libssl0.9.8 0.9.8a-8 SSL shared libraries jabberd2-ldap-bdb recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
