Debian has issued an advisory on January 29: https://www.debian.org/security/2022/dsa-5064 The issue is fixed upstream in 2.0.4.
Status comment: (none) => Fixed upstream in 2.0.4
Assigning to Python maintainers; CC'ing Sander who has had most to do with 'python-nbxmpp'.
Assignee: bugsquad => python
CC: (none) => mageia
Updated package uploaded by papoteur for Mageia 8. RPM: python3-nbxmpp-2.0.4-1.mga8 SRPM: python-nbxmpp-2.0.4-1.mga8.src.rpm
Status comment: Fixed upstream in 2.0.4 => (none)
Assignee: python => qa-bugs
CC: (none) => yves.brungard_mageia
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues
Developer's library, OK on clean install.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Hello, This lib is used by gajim for XMPP protocol exchanges.
Gajim is an instant messaging app, so it seems we need someone to test with that. Removing the OK, for now. I haven't used instant messaging other than on Facebook for years, so I'm out. Any takers?
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: MGA8-64-OK => (none)
Keywords: validated_update => (none)
Created a jabber account, installed gajim and connected with that account. strace shows refs to python3-nbxmpp. So OK for me.
Whiteboard: (none) => MGA8-64-OK
Thank you, Herman. Validating.
Keywords: (none) => validated_update
Advisory committed to svn as ...

type: security
subject: Updated python-nbxmpp packages fix security vulnerability
CVE:
 - CVE-2021-41055
src:
  8:
   core:
     - python-nbxmpp-2.0.4-1.mga8
description: |
  Missing input sanitising in python-nbxmpp, a Jabber/XMPP Python library,
  could result in denial of service in clients based on it (such as Gajim).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29989
 - https://www.debian.org/security/2022/dsa-5064

CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0179.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED