1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5064-1] python-nbxmpp security update

    From Moritz Muehlenhoff@21:1/5 to All on Sat Jan 29 23:50:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5064-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 29, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python-nbxmpp
    CVE ID : CVE-2021-41055

    It was discovered that missing input sanitising in python-nbxmpp, a
    Jabber/XMPP Python library, could result in denial of service in clients
    based on it (such as Gajim).

    The oldstable distribution (buster) is not affected.

    For the stable distribution (bullseye), this problem has been fixed in
    version 2.0.2-1+deb11u1.

    We recommend that you upgrade your python-nbxmpp packages.

    For the detailed security status of python-nbxmpp please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/python-nbxmpp

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmH1w3kACgkQEMKTtsN8 TjZkPxAAim/4BtjieggxtFMehBNE7hQot3vFlLiwLS62blskJhNbMlY8xjUgk49D Bmwh/jXUdiCEWuFfo1bDoXrGH3rcC3wYDELveguvpV/w71S2S385w/Tsm2rkkWcm TeiGh//2ejcGQpsBMdHc7zMLz4w3s6UPHpdw5dhK43jmSsLT4ksIDMraISCFigWc GOy105Wyq7wv7wOutRT4bHxgoKWJvCBuBUB/4tIAuE0Ff/tiNeD8NYVXScbs5eFZ XRtYRTxtvdYfeW9FZyxYD51ABkdR7qQTPSewM9sT9Zd7ktfgkdn+DJVwlj7Vpn+o TTCz7AkNWkSvsD6nGe4J70W97K4nWE8wc67MQoSFZ5U12bx4CIGc3yBYCiq5uYiu hJePSU0g68+yvYM4J4mucuXhlsFnPFED2Pq635lGTBK7JFHXabNm1McD31L0fPUT hlNdkew8pZaEr1K7xMcf5YGK1rEhdJ1dOBzO0W43H2HUQJwQwPuaVbPFOKyMFTX2 uyiWcPGlo9kC09e39tJHzhKgKr0wLRvVjYpqP4XsqqFDby0Ks11kc0D94ubygfF+ z59kJbEBHffON5opGXOVYak0dPqxFvF/iZtYrUGEBDBjS7b38Dkd9JvDd15mW+mg /FFqkNte9ByDtC/6akj079Ikre/9DS0MDrLKPWkiRHQhhr2mqzw=
    =BKk1
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)