Bug 19804

Summary: ejabberd security vulnerability CVE-2014-8760
Product: Mageia
Reporter: Zombie Ryushu <zombie_ryushu>
Component: Security
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: mageia
Version: 5
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM:
CVE:
Status comment:

Description Zombie Ryushu 2016-11-17 08:30:44 CET
A flaw was discovered in ejabberd that allows clients to connect
with an unencrypted connection even if starttls_required is set
(CVE-2014-8760).

ejabberd is several years old, and needs to be upgraded to the latest stable release.
Comment 1 Nicolas Lécureuil 2016-11-17 08:55:08 CET
I am not sure it builds against mga5 erlang, but we can test.

CC: (none) => mageia

Comment 2 David Walser 2016-11-17 16:41:13 CET
Already fixed a long time ago:
http://advisories.mageia.org/MGASA-2014-0417.html

*** This bug has been marked as a duplicate of bug 14305 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Comment 3 Zombie Ryushu 2016-11-19 22:16:10 CET
I would still like an attempted update of ejabberd against Mageia 6, possibly with an updated erlang.
Comment 4 David Walser 2016-11-20 00:30:34 CET
(In reply to Zombie Ryushu from comment #3)
> I would still like an attempted update of ejabberd against Mageia 6, possibly
> with an updated erlang.

Nicolas is working on that.
Comment 5 Zombie Ryushu 2016-11-20 03:47:42 CET
Alright then, keep me posted.
Comment 6 Zombie Ryushu 2016-11-20 04:01:04 CET
I am making builds on the Rosa Cluster.

My commit history is here:
https://abf.rosalinux.ru/zombie/erlang