Summary: | misfiled: net-im/jabberd2: Prone to unsolicited XMPP Dialback attacks (CVE-2012-3525) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | minor | CC: | net-im |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=850872 | ||
Whiteboard: | B4 [upstream/ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-08-23 10:44:02 UTC
jabberd2 != ejabberd (In reply to comment #1) > jabberd2 != ejabberd ' eix -s jabberd2 You will see: http://jabberd2.xiaoka.com/ . In that link you can see the link to download it: https://github.com/downloads/Jabberd2/jabberd2/jabberd-2.2.16.tar.gz Since the commit code link is: https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d , I'd say this is the same package. If you don't trust me: wget https://github.com/downloads/Jabberd2/jabberd2/jabberd-2.2.16.tar.gz tar xzf jabberd-2.2.16.tar.gz cd jabberd-2.2.16 find . -name out.c ./s2s/out.c and check it manually Of course jabberd2 is jabberd2, but jabberd2 is not ejabberd. sorry, but if the problem is on jabberd2 and we have jabberd2 in the main tree, why is invalid...and where did you see ejabberd? (In reply to comment #4) > sorry, but if the problem is on jabberd2 and we have jabberd2 in the main > tree, why is invalid...and where did you see ejabberd? YOU filed it as "net-im/ejabberd : Prone to unsolicited XMPP Dialback attacks (CVE-2012-3525)". (In reply to comment #5) > YOU filed it as "net-im/ejabberd : Prone to unsolicited XMPP Dialback > attacks (CVE-2012-3525)". is more easy change the summary instead of close the bug as invalid (In reply to comment #6) > (In reply to comment #5) > > YOU filed it as "net-im/ejabberd : Prone to unsolicited XMPP Dialback > > attacks (CVE-2012-3525)". > > is more easy change the summary instead of close the bug as invalid Not if we already have another bug linked to the CVE. Also, as an actual member of the Security team, I handle bugs the way I think best, thank you very much. |