https://bugzilla.redhat.com/show_bug.cgi?id=1153839
Bug ID: 1153839
Summary: CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: mmcallis@redhat.com
CC: erlang@lists.fedoraproject.org, extras-orphan@fedoraproject.org, jkaluza@redhat.com, lemenkov@gmail.com, martin@laptop.org, mmahut@redhat.com
It was reported that clients could unexpectedly connect without encryption:
http://mail.jabber.org/pipermail/operators/2014-October/002438.html
Upstream fix (master):
https://github.com/processone/ejabberd/commit/7bdc1151b
References: http://seclists.org/oss-sec/2014/q4/312
Murray McAllister mmcallis@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1153840
Depends On |        |1153841
Depends On |        |1153842
--- Comment #1 from Murray McAllister mmcallis@redhat.com ---
Created ejabberd tracking bugs for this issue:
Affects: fedora-all [bug 1153840]
Affects: epel-5 [bug 1153841]
Affects: epel-6 [bug 1153842]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1153840
[Bug 1153840] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1153841
[Bug 1153841] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1153842
[Bug 1153842] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption [epel-6]
Murray McAllister mmcallis@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1153843
Bug 1153839 depends on bug 1153842, which changed state.
Bug 1153842 Summary: CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1153842
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |WONTFIX
Bug 1153839 depends on bug 1153841, which changed state.
Bug 1153841 Summary: CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1153841
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |WONTFIX
Bug 1153839 depends on bug 1153840, which changed state.
Bug 1153840 Summary: CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1153840
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |CURRENTRELEASE
Ján Rusnačko jrusnack@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20141013,reported=20141013,source=osssecurity,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,fedora-all/ejabberd=affected,epel-5/ejabberd=affected,epel-6/ejabberd=affected
Added: impact=moderate,public=20141013,reported=20141013,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,fedora-all/ejabberd=affected,epel-5/ejabberd=affected,epel-6/ejabberd=affected