According to upstream bug report:

Pali Rohár 2017-02-11 12:21:58 UTC
Kopete since 16.11.80 is vulnerable to CVE-2017-5593 (User Impersonation Vulnerability) as it uses the same XMPP library as Psi (libiris).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5593
http://seclists.org/oss-sec/2017/q1/373
Fix for libiris: https://github.com/psi-im/iris/pull/47/commits/02e976d4426a1319a7af7d26d7aba9d8c6077570

Fix backported in 16.12.2-r1: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b90cb8d975dfbe549c209198e9e13ae4b6c4d035
Vulnerable version removed: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb0eeec58bab812e647153b4f3825389e69f6ec6
Thank you for the report. The issue does not affect versions that have been in stable; as such, it does not require stabilisation and a GLSA will not be issued. The bug can be closed after the CVE is assigned in CVETool and the whiteboard contains the cve tag.
16.12.0 is stable and affected, which means 16.12.2-r1 should get stabilised.
Arches, please stabilize =kde-apps/kopete-16.12.2-r1. Thanks in advance.
Target: amd64 x86
An automated check of this bug failed - the following atom is unknown:
kde-apps/kopete-16.12.2-r1
Please verify the atom list.
An automated check of this bug succeeded - the previous repoman errors are now resolved.
amd64 stable
x86 stable. Maintainer(s), please cleanup.
Last vulnerable version removed.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b8e68319d85f680bdc02706c57c3fc41132609d
GLSA Vote: No
Repository is clean, all done.