Package: sleekxmpp / 1.3.1-6

Metadata

Package Version Patches format
sleekxmpp 1.3.1-6 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
CVE 2017 5591.patch | (download)

sleekxmpp/plugins/xep_0280/carbons.py | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 fix for cve-2017-5591
 An incorrect implementation of XEP-0280: Message Carbons in slixmpp allows a
 remote attacker to impersonate any user, including contacts, in the vulnerable
 application's display. This allows for various kinds of social engineering
 attacks.
0001 get rid of embedded copies dateutil gnupg ordereddic.patch | (download)

sleekxmpp/jid.py | 2 1 + 1 - 0 !
sleekxmpp/plugins/xep_0004/stanza/form.py | 2 1 + 1 - 0 !
sleekxmpp/plugins/xep_0027/gpg.py | 2 1 + 1 - 0 !
sleekxmpp/plugins/xep_0065/proxy.py | 2 1 + 1 - 0 !
sleekxmpp/plugins/xep_0071/stanza.py | 2 1 + 1 - 0 !
sleekxmpp/plugins/xep_0082.py | 3 2 + 1 - 0 !
sleekxmpp/plugins/xep_0131/stanza.py | 2 1 + 1 - 0 !
sleekxmpp/plugins/xep_0138.py | 1 0 + 1 - 0 !
sleekxmpp/plugins/xep_0202/stanza.py | 2 1 + 1 - 0 !
sleekxmpp/stanza/stream_features.py | 2 1 + 1 - 0 !
sleekxmpp/thirdparty/__init__.py | 13 1 + 12 - 0 !
sleekxmpp/thirdparty/gnupg.py | 1017 0 + 1017 - 0 !
sleekxmpp/thirdparty/mini_dateutil.py | 273 0 + 273 - 0 !
sleekxmpp/thirdparty/ordereddict.py | 127 0 + 127 - 0 !
sleekxmpp/thirdparty/socks.py | 387 0 + 387 - 0 !
sleekxmpp/xmlstream/stanzabase.py | 2 1 + 1 - 0 !
tests/test_stanza_element.py | 2 1 + 1 - 0 !
tests/test_stanza_xep_0004.py | 2 1 + 1 - 0 !
18 files changed, 14 insertions(+), 1829 deletions(-)

 get rid of embedded copies: dateutil, gnupg, ordereddict, socks


002 fix_tls_version_check.patch | (download)

sleekxmpp/xmlstream/xmlstream.py | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 use ssl.get_protocol_name() to find out which tls version is
 in use (allows the latest TLS versions to be used as well as any future
 versions).