close Warning: Failed to sync with repository "(default)": [Errno 12] Cannot allocate memory; repository information may be out of date. Look in the Trac log for more information including mitigation strategies.

Changes between Version 2 and Version 3 of Ticket #1282


Ignore:
Timestamp:
2017-01-31T15:48:16Z (8 years ago)
Author:
dx
Comment:

CVE-2016-10189 and CVE-2017-5668 have been assigned for the first issue and its incomplete fix respectively.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #1282 – Description

    v2 v3  
    55malicious remote clients.
    66
     7CVE-2016-10189 has been assigned for this first issue.
     8
    79Additionally, due to an incomplete fix of the issue above in BitlBee
    8103.5, the bitlbee-libpurple variant is still affected in 3.5.
     11
     12CVE-2017-5668 has been assigned for this second issue.
    913
    1014== Impact ==
     
    7579== References ==
    7680
    77 Incomplete fix commit included in 3.5:
     81CVE-2016-10189: Incomplete fix commit included in 3.5:
    7882
    7983https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f
    8084
    81 Libpurple specific bugfix commit included in 3.5.1:
     85CVE-2017-5668: Libpurple specific bugfix commit included in 3.5.1:
    8286
    8387https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441