See: http://seclists.org/oss-sec/2016/q4/650 This is fixed in 1.0.4, which is already in the tree, but not stable yet.
This is the same vulnerability seen in Gajim first, see bug 569936 for details. @ Arches, please test and mark stable: =net-im/mcabber-1.0.4
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA Vote: No
@maintainer, please inform security once the package is cleaned so we can close. Thanks!
@security: the vulnerable version has been removed.