Bug 19804 - ejabberd security vulnerability CVE-2014-8760
Summary: ejabberd security vulnerability CVE-2014-8760
Status: RESOLVED DUPLICATE of bug 14305
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
Reported: 2016-11-17 08:30 CET by Zombie Ryushu
Modified: 2016-11-20 04:01 CET

Description Zombie Ryushu 2016-11-17 08:30:44 CET
A flaw was discovered in ejabberd that allows clients to connect
with an unencrypted connection even if starttls_required is set
(CVE-2014-8760).

ejabberd is several years old, and needs to be upgraded to the latest stable release.
Comment 1 Nicolas Lécureuil 2016-11-17 08:55:08 CET
I am not sure it builds against mga5 erlang, but we can test.

CC: (none) => mageia

Comment 2 David Walser 2016-11-17 16:41:13 CET
Already fixed a long time ago:
http://advisories.mageia.org/MGASA-2014-0417.html

*** This bug has been marked as a duplicate of bug 14305 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Comment 3 Zombie Ryushu 2016-11-19 22:16:10 CET
I would still like an attempted update of ejabberd against Mageia 6, possibly with an updated erlang.
Comment 4 David Walser 2016-11-20 00:30:34 CET
(In reply to Zombie Ryushu from comment #3)
> I would still like an attempted update of ejabberd against Mageia 6, possibly
> with an updated erlang.

Nicolas is working on that.
Comment 5 Zombie Ryushu 2016-11-20 03:47:42 CET
Alright then, keep me posted.
Comment 6 Zombie Ryushu 2016-11-20 04:01:04 CET
I am making builds on the Rosa Cluster.

My commit history is here:
https://abf.rosalinux.ru/zombie/erlang
