Summary: | <net-im/jabberd2-2.3.1-r1: XMPP dialback domain spoofing (CVE-2012-3525) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bug, cyberbat83, hasufell, marko.durkovic, net-im |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 314473 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2012-08-27 07:56:43 UTC
jabberd-2.2.17.tar.xz — jabberd 2.2.17 release 1.3MB · Uploaded 20 hours ago includes the fix Should be bug #314473 blocker for this bug? Near half of year passed from reporting this bug, upstream has released fixed version, but we don't have it in the portage tree. It's really pity :( (In reply to cyberbat from comment #3) > Near half of year passed from reporting this bug, upstream has released > fixed version, but we don't have it in the portage tree. It's really pity :( bumped 2.2.17 is gone from tree, current non-vulnerable version in tree is 2.3.1-r1 @maintainers: is it OK to stable it? yes Arches, please test and mark stable: =net-im/jabberd2-2.3.1-r1 Target Keywords : "amd64 ppc spark x86" amd64 stable x86 stable ppc stable sparc stable. Maintainer(s), please cleanup. Security, please vote. (In reply to Agostino Sarubbo from comment #11) > > Maintainer(s), please cleanup. done Thanks for your work. GLSA vote: no GLSA vote: no. Closing as [noglsa]. |