File: CVE-2021-41055.patch

package info (click to toggle)
python-nbxmpp 2.0.2-1%2Bdeb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 1,120 kB
  • sloc: python: 14,949; makefile: 8
file content (21 lines) | stat: -rw-r--r-- 796 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
Description: Correction: Ignore messages where message id == replace id
Author: lovetox <philipp@hoerist.com>
Origin: upstream
Bug: https://dev.gajim.org/gajim/gajim/-/issues/10638
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-41055
Applied-Upstream: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f76
Last-Update: 2022-01-19
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/nbxmpp/modules/correction.py
+++ b/nbxmpp/modules/correction.py
@@ -44,4 +44,9 @@
             self._log.warning(stanza)
             return
 
+        if stanza.getID() == id_:
+            self._log.warning('correcton id == message id')
+            self._log.warning(stanza)
+            return
+
         properties.correction = CorrectionData(id_)