Security update for mcabber SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3218-1 Final 1 1 2016-12-21T16:26:03Z current 2016-12-21T16:26:03Z 2016-12-21T16:26:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mcabber This update for mcabber fixes the following issues: - Update to version 1.0.4 (changes since 1.0.2): * Check the origin of roster pushes (boo#1014976, CVE-2015-8688 (Gajim), https://gultsch.de/gajim_roster_push_and_message_interception.html) * Link with the tinfo library. * Fix default modules directory on OpenBSD. * Create the history log directory if it doesn't exist. * [OTR] Do not send empty subjects. * [UI] /set does not display password values anymore. * [MUC] Use nick to set the role. * Misc help/documentation updates. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-12/msg00129.html E-Mail link for openSUSE-SU-2016:3218-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 mcabber-1.0.4-3.1 mcabber-devel-1.0.4-3.1 mcabber-1.0.4-3.1 as a component of openSUSE Leap 42.2 mcabber-devel-1.0.4-3.1 as a component of openSUSE Leap 42.2 Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. CVE-2015-8688 openSUSE Leap 42.2:mcabber-1.0.4-3.1 openSUSE Leap 42.2:mcabber-devel-1.0.4-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00129.html https://www.suse.com/security/cve/CVE-2015-8688.html CVE-2015-8688 https://bugzilla.suse.com/1014976 SUSE Bug 1014976 https://bugzilla.suse.com/960668 SUSE Bug 960668