[SECURITY] Fedora 20 Update: smack-3.2.2-6.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Mon Dec 15 04:29:51 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-16383
2014-12-06 01:55:29
--------------------------------------------------------------------------------
Name : smack
Product : Fedora 20
Version : 3.2.2
Release : 6.fc20
URL : http://www.igniterealtime.org/projects/smack/index.jsp
Summary : Open Source XMPP (Jabber) client library
Description :
Smack is an Open Source XMPP (Jabber) client library for instant
messaging and presence. A pure Java library, it can be embedded
into your applications to create anything from a full XMPP client
to simple XMPP integrations such as sending notification messages and
presence-enabling devices.
--------------------------------------------------------------------------------
Update Information:
fix for CVE-2014-0363 (rhbz#1093274)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 4 2014 gil cattaneo <puntogil at libero.it> 3.2.2-6
- fix for CVE-2014-0363 (rhbz#1093274)
- remove jzlib systemPath in smackx pom
* Thu Aug 21 2014 gil cattaneo <puntogil at libero.it> 3.2.2-5
- fix for CVE-2014-5075 (rhbz#1127277)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1093273 - CVE-2014-0363 smack: incorrect X.509 certificate validation
https://bugzilla.redhat.com/show_bug.cgi?id=1093273
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update smack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list