Summary: | <net-im/bitlbee-3.5.1: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Francis Booth <boothf> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | radhermit |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.bitlbee.org/ticket/1281 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =net-im/bitlbee-3.5.1 | ||
Runtime testing required: | No |
Description
Francis Booth
2017-01-31 02:49:52 UTC
Upstream mentions this is theoretical and there is no PoC.

Issue 1: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2
Use CVE-2016-10188.

Issue 2: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f
Use CVE-2016-10189 for the issue with Jabber file transfers that was fixed by this commit.

Issue 3: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
Use CVE-2017-5668. CVE-2017-5668 exists because of an incomplete fix for CVE-2016-10189.

Fixes in 3.5.1 now in the tree. Feel free to start the stabilization process if wanted.

@arches, please stabilize.

amd64 stable

ppc stable

x86 stable. Maintainer(s), please cleanup.

GLSA Vote: No

@ Maintainer(s): Please cleanup and drop <net-im/bitlbee-3.5.1!

tree is clean.