[kopete] [Bug 376348] New: CVE 2017-5593: User Impersonation Vulnerability in Jabber protocol

Pali Rohár Sat, 11 Feb 2017 04:22:40 -0800

https://bugs.kde.org/show_bug.cgi?id=376348


            Bug ID: 376348
           Summary: CVE 2017-5593: User Impersonation Vulnerability in
                    Jabber protocol
           Product: kopete
           Version: unspecified
          Platform: Other
                OS: All
            Status: UNCONFIRMED
          Severity: critical
          Priority: NOR
         Component: Jabber Plugin
          Assignee: kopete-bugs-n...@kde.org
          Reporter: pali.ro...@gmail.com
  Target Milestone: ---

Kopete since 16.11.80 is vulnerable for CVE 2017-5593 (User Impersonation
Vulnerability) as it uses same XMPP library as Psi (libiris).

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5593
http://seclists.org/oss-sec/2017/q1/373

Fix for libiris:
https://github.com/psi-im/iris/pull/47/commits/02e976d4426a1319a7af7d26d7aba9d8c6077570

-- 
You are receiving this mail because:
You are watching all bug changes.

[kopete] [Bug 376348] New: CVE 2017-5593: User Impersonation Vulnerability in Jabber protocol

Reply via email to