A security issue in jitsi was announced on February 9:
http://openwall.com/lists/oss-security/2017/02/09/29
The issue was fixed upstream in 2.10, recently uploaded for Cauldron by David. The commit that fixed the issue is linked in the message above.
Mageia 5 is affected.
Done for mga5!
Thanks David!

Advisory:
========================

Updated jitsi package fixes security vulnerability:

An incorrect implementation of XEP-0280: Message Carbons in Jitsi and other XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks (CVE-2017-5603).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5603
http://openwall.com/lists/oss-security/2017/02/09/29
========================

Updated packages in core/updates_testing:
========================
jitsi-2.6-1.1.mga5

from jitsi-2.6-1.1.mga5.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
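
The advisory above concerns how a client decides whether to trust a Message Carbons wrapper. XEP-0280 requires a client to ignore any carbon copy that does not come from the user's own bare JID. The sketch below is an added example showing that check; it is not code from Jitsi, Kopete or the upstream fix, and the function names, JIDs and stanzas are constructed for illustration, with JID comparison simplified.

```python
import xml.etree.ElementTree as ET

CARBONS = "{urn:xmpp:carbons:2}"
FORWARD = "{urn:xmpp:forward:0}"
CLIENT = "{jabber:client}"
OWN_JID = "juliet@example.org/laptop"  # constructed account for the demo


def bare_jid(jid):
    # Simplification: drop the resource and lower-case. A real client
    # compares JIDs after full normalisation.
    return jid.split("/", 1)[0].lower()


def handle_message(stanza_xml, own_jid=OWN_JID):
    """Return (verdict, sender_to_display, body) for one <message/> stanza."""
    msg = ET.fromstring(stanza_xml)
    outer_from = msg.get("from")
    carbon = msg.find(CARBONS + "received")
    if carbon is None:
        carbon = msg.find(CARBONS + "sent")
    if carbon is None:
        # Ordinary message: shown under the sender stamped on the stanza.
        return ("plain", outer_from, msg.findtext(CLIENT + "body"))
    # A carbon is produced by the user's own server, so its wrapper must come
    # from the user's own bare JID. Otherwise drop it without reading the
    # forwarded payload, whose 'from' is entirely sender-controlled.
    if outer_from is None or outer_from.lower() != bare_jid(own_jid):
        return ("carbon-rejected", outer_from, None)
    inner = carbon.find(FORWARD + "forwarded/" + CLIENT + "message")
    if inner is None:
        return ("carbon-rejected", outer_from, None)
    return ("carbon-accepted", inner.get("from"), inner.findtext(CLIENT + "body"))


def carbon_from(wrapper_from):
    # Constructed test stanza: a "received" carbon whose payload claims to be
    # from romeo@example.org; only the wrapper's sender varies.
    return (
        f"<message xmlns='jabber:client' from='{wrapper_from}'>"
        "<received xmlns='urn:xmpp:carbons:2'><forwarded xmlns='urn:xmpp:forward:0'>"
        "<message xmlns='jabber:client' from='romeo@example.org/phone'>"
        "<body>hello</body></message></forwarded></received></message>"
    )


if __name__ == "__main__":
    print(handle_message(carbon_from("juliet@example.org")))     # own server
    print(handle_message(carbon_from("mallory@example.net/x")))  # third party
```

A useful regression test for a patched client is that the second stanza never reaches the conversation view under the forwarded sender's name.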
CC: (none) => davidwhodgins
Whiteboard: (none) => advisory
Just testing that the package is functional, as I'm not clear on exactly how to use the info provided to recreate the problem. Tested on both i586 and x86_64.
Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs
David Geiger, Just a heads up that it appears that kopete needs a patch to fix this in Cauldron also, according to Arch: https://lwn.net/Vulnerabilities/714423/
(In reply to David Walser from comment #4)
> David Geiger,
> Just a heads up that it appears that kopete needs a patch to fix this in
> Cauldron also, according to Arch:
> https://lwn.net/Vulnerabilities/714423/

Upstream fix found by David:
https://cgit.kde.org/kopete.git/commit/?id=6243764c4fd0985320d4a10b48051cc418d584ad
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0049.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => https://lwn.net/Vulnerabilities/715041/