Bug 608838 (CVE-2017-5591) - dev-python/sleekxmpp: User Impersonation Vulnerability via Message Carbons (CVE-2017-5591)
Status: RESOLVED FIXED
Alias: CVE-2017-5591
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Deadline: 2020-09-15
Assignee: Gentoo Security
URL: https://github.com/fritzy/SleekXMPP/i...
Whiteboard: B4 [noglsa cve]
Keywords: PMASKED
Depends on: 735830
Blocks:
Reported: 2017-02-10 09:10 UTC by Hanno Böck
Modified: 2021-02-20 19:36 UTC

Description Hanno Böck gentoo-dev 2017-02-10 09:10:29 UTC
See:
https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/

The latest version is still affected; I haven't found an upstream bug report.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-05 22:33:39 UTC
https://github.com/fritzy/SleekXMPP/issues/442#issuecomment-288894743 says fixed in 1.3.2 but this should just be treecleaned because it is superseded by slixmpp anyway.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-10-30 01:54:38 UTC
Package was dropped on 20200917.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-10-30 01:56:14 UTC
Sorry, shouldn't have closed without vote.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-20 19:36:34 UTC
GLSA Vote: No

Repository is clean, all done!