Summary: | <net-im/jabberd2-2.6.1: Allows to authenticate using SASL ANONYMOUS even if disabled / Denial of Service | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | maintainer-needed, polynomial-c |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2017/07/04/6 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
net-im/jabberd2-2.6.1
|
Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2017-07-04 15:39:47 UTC
@poly-c: Adding you to CC as you were last one to bump this package, are you interested in taking over maintainership? stabilizing 2.6.1 should be enough for this amd64 stable dropping ppc. no need to stabilize package masked for removal. Feel free to readd is decision is reverted. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b50a30689fca4c60d2b4e625f341daff116e51b6 commit b50a30689fca4c60d2b4e625f341daff116e51b6 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-03-03 17:15:10 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-03-03 17:15:10 +0000 net-im/jabberd2: Removed from repository Bug: https://bugs.gentoo.org/623806 net-im/jabberd2/Manifest | 2 - net-im/jabberd2/files/jabberd2-2.3.1.pamd | 6 - net-im/jabberd2/files/jabberd2-2.3.2.init | 96 ----------- net-im/jabberd2/files/jabberd2-2.3.2.logrotate | 8 - net-im/jabberd2/files/jabberd2-2.5.0.init | 90 ---------- net-im/jabberd2/jabberd2-2.3.3-r2.ebuild | 159 ----------------- net-im/jabberd2/jabberd2-2.6.1.ebuild | 190 --------------------- net-im/jabberd2/metadata.xml | 15 -- profiles/arch/sparc/package.use.mask | 4 - profiles/package.mask | 6 - x11-misc/screen-message/screen-message-0.24.ebuild | 5 +- x11-misc/screen-message/screen-message-0.25.ebuild | 5 +- 12 files changed, 4 insertions(+), 582 deletions(-)} Package was removed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b50a30689fca4c60d2b4e625f341daff116e51b6. Added to an existing GLSA request filed. This issue was resolved and addressed in GLSA 201803-07 at https://security.gentoo.org/glsa/201803-07 by GLSA coordinator Christopher Diaz Riveros (chrisadr). |