Package: slixmpp / 1.2.2-1.1

Metadata

Package: slixmpp
Version: 1.2.2-1.1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
disable incorrect tests.patch | (download)

tests/test_stanza_message.py | 10 0 + 10 - 0 !
tests/test_stream_roster.py | 140 0 + 140 - 0 !
2 files changed, 150 deletions(-)

 disable failing tests
 Slixmpp 1.2.2 corrected a vulnerability to rogue roster update
 (CVE-2015-8688), but that had the side effect of making many tests fail
 as they relied on that.

 This patch removes these tests, until they are adapted and work again.
CVE 2017 5591.patch | (download)

slixmpp/plugins/xep_0280/carbons.py | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 cve-2017-5591

An incorrect implementation of XEP-0280: Message Carbons in slixmpp allows a
remote attacker to impersonate any user, including contacts, in the vulnerable
application's display. This allows for various kinds of social engineering
attacks.

Bug-Debian: https://bugs.debian.org/854740