6:58 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1153839
Bug ID: 1153839
Summary: CVE-2014-8760 ejabberd: clients can unexpectedly
connect without encryption
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mmcallis(a)redhat.com
CC: erlang(a)lists.fedoraproject.org,
extras-orphan(a)fedoraproject.org, jkaluza(a)redhat.com,
lemenkov(a)gmail.com, martin(a)laptop.org,
mmahut(a)redhat.com
It was reported that clients could unexpectedly connect without encryption:
http://mail.jabber.org/pipermail/operators/2014-October/002438.html
Upstream fix (master):
https://github.com/processone/ejabberd/commit/7bdc1151b
References:
http://seclists.org/oss-sec/2014/q4/312
--
You are receiving this mail because:
You are on the CC list for the bug.
6:59 p.m.
New subject: [Bug 1153839] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
https://bugzilla.redhat.com/show_bug.cgi?id=1153839
Murray McAllister <mmcallis(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1153840
Depends On| |1153841
Depends On| |1153842
--- Comment #1 from Murray McAllister <mmcallis(a)redhat.com> ---
Created ejabberd tracking bugs for this issue:
Affects: fedora-all [bug 1153840]
Affects: epel-5 [bug 1153841]
Affects: epel-6 [bug 1153842]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1153840
[Bug 1153840] CVE-2014-8760 ejabberd: clients can unexpectedly connect
without encryption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1153841
[Bug 1153841] CVE-2014-8760 ejabberd: clients can unexpectedly connect
without encryption [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1153842
[Bug 1153842] CVE-2014-8760 ejabberd: clients can unexpectedly connect
without encryption [epel-6]
--
You are receiving this mail because:
You are on the CC list for the bug.
7 p.m.
New subject: [Bug 1153839] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
https://bugzilla.redhat.com/show_bug.cgi?id=1153839
Murray McAllister <mmcallis(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1153843
--
You are receiving this mail because:
You are on the CC list for the bug.
10:24 a.m.
New subject: [Bug 1153839] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
https://bugzilla.redhat.com/show_bug.cgi?id=1153839
Bug 1153839 depends on bug 1153842, which changed state.
Bug 1153842 Summary: CVE-2014-8760 ejabberd: clients can unexpectedly connect without
encryption [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1153842
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |WONTFIX
--
You are receiving this mail because:
You are on the CC list for the bug.
10:24 a.m.
New subject: [Bug 1153839] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
https://bugzilla.redhat.com/show_bug.cgi?id=1153839
Bug 1153839 depends on bug 1153841, which changed state.
Bug 1153841 Summary: CVE-2014-8760 ejabberd: clients can unexpectedly connect without
encryption [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1153841
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |WONTFIX
--
You are receiving this mail because:
You are on the CC list for the bug.
9:59 a.m.
New subject: [Bug 1153839] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
https://bugzilla.redhat.com/show_bug.cgi?id=1153839
Bug 1153839 depends on bug 1153840, which changed state.
Bug 1153840 Summary: CVE-2014-8760 ejabberd: clients can unexpectedly connect without
encryption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1153840
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |CURRENTRELEASE
--
You are receiving this mail because:
You are on the CC list for the bug.
2:28 a.m.
New subject: [Bug 1153839] CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
https://bugzilla.redhat.com/show_bug.cgi?id=1153839
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2014 |impact=moderate,public=2014
|1013,reported=20141013,sour |1013,reported=20141013,sour
|ce=osssecurity,cvss2=5.8/AV |ce=oss-security,cvss2=5.8/A
|:N/AC:M/Au:N/C:P/I:P/A:N,fe |V:N/AC:M/Au:N/C:P/I:P/A:N,f
|dora-all/ejabberd=affected, |edora-all/ejabberd=affected
|epel-5/ejabberd=affected,ep |,epel-5/ejabberd=affected,e
|el-6/ejabberd=affected |pel-6/ejabberd=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
3191
days inactive
3479
days old
erlang@lists.fedoraproject.org
6 comments
1 participants
participants (1)
-
Red Hat Bugzilla