Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5064-1] python-nbxmpp security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5064-1] python-nbxmpp security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5064-1] python-nbxmpp security update
  • Date: Sat, 29 Jan 2022 22:48:37 +0000
  • List-archive: https://lists.debian.org/msgid-search/20220129224837.GA4700 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=paTVG+z+LrdLLtgQKCmf7mfXXYAEelPbWAPa6snY9zo=; b=u1 77q48s81c+OWCFXwwlJghgFBfM04dBtbhuUFV29qlhEtXNYjPYhaDw1Qke+cL7ZRuE5IY59SNKRbG R51+A4KRRpisxA9U75KhzDucdcBFBkY83/6dP7lgBGzC3NCiofSh9tEzDhqKkjwGsZ1fTQjNvhY9z OYP9UCLTSOTJIyEJ9bqwAeBh1JgEptEvkq05IJ8yx67y8d2HHchFZX6wy8KvRKlMYtFC4rh+fTQvh /vqUL3HH6ZHX8S2AByYBtmBRnaaQINFqfQZOH0h1hnHTxRYNn/Db0KqCCW2kbvx79Plp3/kTJvBAa +rxZME1Z8ul4zrOCTnMYYj9MKi0wjQkg==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sat, 29 Jan 2022 22:48:54 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <mthKBauX2WB.A.kLF.WRc9hB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5064-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 29, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : python-nbxmpp
CVE ID : CVE-2021-41055

It was discovered that missing input sanitising in python-nbxmpp, a
Jabber/XMPP Python library, could result in denial of service in clients
based on it (such as Gajim).

The oldstable distribution (buster) is not affected.

For the stable distribution (bullseye), this problem has been fixed in
version 2.0.2-1+deb11u1.

We recommend that you upgrade your python-nbxmpp packages.

For the detailed security status of python-nbxmpp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-nbxmpp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmH1w3kACgkQEMKTtsN8
TjZkPxAAim/4BtjieggxtFMehBNE7hQot3vFlLiwLS62blskJhNbMlY8xjUgk49D
Bmwh/jXUdiCEWuFfo1bDoXrGH3rcC3wYDELveguvpV/w71S2S385w/Tsm2rkkWcm
TeiGh//2ejcGQpsBMdHc7zMLz4w3s6UPHpdw5dhK43jmSsLT4ksIDMraISCFigWc
GOy105Wyq7wv7wOutRT4bHxgoKWJvCBuBUB/4tIAuE0Ff/tiNeD8NYVXScbs5eFZ
XRtYRTxtvdYfeW9FZyxYD51ABkdR7qQTPSewM9sT9Zd7ktfgkdn+DJVwlj7Vpn+o
TTCz7AkNWkSvsD6nGe4J70W97K4nWE8wc67MQoSFZ5U12bx4CIGc3yBYCiq5uYiu
hJePSU0g68+yvYM4J4mucuXhlsFnPFED2Pq635lGTBK7JFHXabNm1McD31L0fPUT
hlNdkew8pZaEr1K7xMcf5YGK1rEhdJ1dOBzO0W43H2HUQJwQwPuaVbPFOKyMFTX2
uyiWcPGlo9kC09e39tJHzhKgKr0wLRvVjYpqP4XsqqFDby0Ks11kc0D94ubygfF+
z59kJbEBHffON5opGXOVYak0dPqxFvF/iZtYrUGEBDBjS7b38Dkd9JvDd15mW+mg
/FFqkNte9ByDtC/6akj079Ikre/9DS0MDrLKPWkiRHQhhr2mqzw=
=BKk1
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5064-1] python-nbxmpp security update, Moritz Muehlenhoff, 29.01.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang