Custom Query (1098 matches)
Results (13 - 15 of 1098)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#1287 | not-feasible | Hipchat Guest Access | ||
Description |
Is there a way to access a Hipchat Guest Access channel? I cannot find details in the docs. https://confluence.atlassian.com/hipchat/guest-access-740001159.html |
|||
#1283 | invalid | Signal support | ||
Description |
It would be awesome to have support for Signal in BitlBee. I know, this won't happen immediately, and patches welcome, but let's just start with having a Ticket where we can collect information. There's now a usable project signal-cli: https://github.com/AsamK/signal-cli And there is a script to use signal-cli in WeeChat: https://github.com/thefinn93/signal-weechat Maybe one could build on that? |
|||
#1282 | fixed | Null pointer dereference with file transfer request from unknown contacts | ||
Description |
DescriptionReceiving a file transfer request from a contact not in the contact list results in a null pointer dereference, leading to remote DoS by malicious remote clients. CVE-2016-10189 has been assigned for this first issue. Additionally, due to an incomplete fix of the issue above in BitlBee 3.5, the bitlbee-libpurple variant is still affected in 3.5. CVE-2017-5668 has been assigned for this second issue. ImpactThis results in denial of service (remote crash of the BitlBee instance). Remote code execution does not seem to be possible (fixed offset) For BitlBee servers configured in ForkDaemon mode (default) or inetd mode, the crash is limited to one user connection, who may just reconnect. CVSS for bitlbee 3.4.2 and lower:
CVSS for bitlbee-libpurple 3.5:
Affected versionsbitlbee-libpurple 3.5 or older bitlbee (non-libpurple builds) 3.4.2 or older Unaffected versionsbitlbee-libpurple 3.5.1 or newer bitlbee (non-libpurple builds) 3.5 or newer Resolution
0001-Fix-null-pointer-dereference-on-ft-attempts-3.5.patch
0001-Fix-null-pointer-dereference-on-ft-attempts-3.4.x.patch
0001-Fix-null-pointer-dereference-on-ft-attempts-3.0.x-3.2.x.patch DiscussionThe issue from 3.4.2 and older only affects the jabber protocol, which is the only non-purple protocol which implements file transfers. The issue that is still present in 3.5 affects any libpurple protocol that implements file transfers when used through BitlBee. It does not affect other libpurple-based clients such as pidgin. There's no visible effect of the issue other than the crash. ReferencesCVE-2016-10189: Incomplete fix commit included in 3.5: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f CVE-2017-5668: Libpurple specific bugfix commit included in 3.5.1: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 |