jabberd2: CVE-2012-3525

Related Vulnerabilities: CVE-2012-3525, CVE-2011-1755

Debian Bug report logs - #685666
jabberd2: CVE-2012-3525

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 23 Aug 2012 07:51:02 UTC

Severity: grave

Tags: security

Fixed in version jabberd2/2.2.17-1

Done: Willem van den Akker <wvdakker@wilsoft.nl>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>:
Bug#685666; Package jabberd2. (Thu, 23 Aug 2012 07:51:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>. (Thu, 23 Aug 2012 07:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: jabberd2: CVE-2012-3525
Date: Thu, 23 Aug 2012 09:44:37 +0200
Package: jabberd2
Severity: grave
Tags: security
Justification: user security hole

Please see
http://xmpp.org/resources/security-notices/server-dialback/
https://bugzilla.redhat.com/show_bug.cgi?id=850872

Fix:
https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d

Cheers,
        Moritz



Reply sent to Willem van den Akker <wvdakker@wilsoft.nl>:
You have taken responsibility. (Wed, 24 Jul 2013 15:51:39 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Wed, 24 Jul 2013 15:51:39 GMT)


Message #10 received at 685666-close@bugs.debian.org:

From: Willem van den Akker <wvdakker@wilsoft.nl>
To: 685666-close@bugs.debian.org
Subject: Bug#685666: fixed in jabberd2 2.2.17-1
Date: Wed, 24 Jul 2013 15:48:17 +0000
Source: jabberd2
Source-Version: 2.2.17-1

We believe that the bug you reported is fixed in the latest version of
jabberd2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 685666@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Willem van den Akker <wvdakker@wilsoft.nl> (supplier of updated jabberd2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 16 Jan 2013 10:00:41 +0100
Source: jabberd2
Binary: jabberd2
Architecture: source amd64
Version: 2.2.17-1
Distribution: unstable
Urgency: low
Maintainer: Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>
Changed-By: Willem van den Akker <wvdakker@wilsoft.nl>
Description: 
 jabberd2   - Jabber instant messenger server
Closes: 543415 547767 589304 637112 673243 685666 689538 689539
Changes: 
 jabberd2 (2.2.17-1) unstable; urgency=low
 .
   * New upstream version (Closes: #637112, #547767).
   * New version patches user security hole (Closes: #685666).
   * debian/init: added Should-Start/Should-Stop dependency for MySQL
     (Closes: #673243).
   * debian/watch: updated URL (Closes: #543415).
   * debian/dirs, debian/postinst: removed /var/run/jabber2 (Closes: #689538).
   * debian/component.d: removed 20resolver. Resolver is not included anymore
     (Closes: #689539).
   * Added myself to uploaders list (Closes: #589304).
   * debian/init, debian/component.d/*: Make less bashish.
   * debian/control: Remove inactive uploaders from list.
   * Make it a debhelper package:
     + debian/rules: dh compliant.
     + debian/install: file created. Needed for rules.
     + debian/default: made some corrections and comments.
     + debian/control: remove hardening-includes.
     + debian/lintianoverride: added *-has-useless-call-to-ldconfig.
   * debian/TODO: updated.
   * debian/prerm: removed because not needed.
   * debian/control: moved adduser from Depends to Pre-Depends.
   * debian/copyright: new format, updated maintainer information.
   * debian/TODO: added file.
   * Removed CVE-2011-1755.dpatch. Is now included in upstream source.
   * Removed implicit-pointer-conversion.dpatch. Is now included in
     upstream source.
   * debian/control: changed homepage URL.
   * debian/control: changed debhelper dependency to >= 9.0.0.
   * debian/control: added ${misc:Depends} to binary packages.
   * debian/control: added Vcs-git and Vcs-Browser tags.
   * debian/control: added hardening-includes to dependencies.
   * debian/init: added Description tag.
   * debian/init, debian/component.d/*: added status option.
   * debian/init, debian/default: removed resolver entries.
   * debian/rules: removed unrecognized enable-sasl and disable-rpath
     options and added --with-sasl=gsasl option to configure.
   * debian/rules: include hardening options.
   * debian/rules: added build-arch, build-indep.
   * Now quilt 3.0 compatible.
   * debian/preinst, debian/postrm: removed resolver entries.
   * debian/lintian-overrides: overrides false positives.
   * Added patches man_hypen.diff, sm_typo.diff and usr_etc.diff.
   * Add patch to remove config.guess and config.sub from upstream.
     debian/rules: remove 'rm config.guess and config.sub'.
   * Bumped up Standards Version to 3.9.4.
   * Bumped up debhelper to 9.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 01 Sep 2013 07:32:00 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:46:54 2019; Machine Name: beach
