Your message dated Tue, 21 Apr 2009 19:53:43 +0000
with message-id <[email protected]>
and subject line Bug#520852: fixed in ejabberd 2.0.1-6+lenny1
has caused the Debian Bug report #520852,
regarding CVE-2009-0934: Cross-site scripting (XSS) vulnerability in ejabberd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
520852: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520852
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ejabberd
Version: 2.0.3-1
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ejabberd.

CVE-2009-0934[0]:
| Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4
| allows remote attackers to inject arbitrary web script or HTML via
| unknown vectors related to links and MUC logs.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Note: other versions might also be affected.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0934
    http://security-tracker.debian.net/tracker/CVE-2009-0934

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net



--- End Message ---
--- Begin Message ---
Source: ejabberd
Source-Version: 2.0.1-6+lenny1

We believe that the bug you reported is fixed in the latest version of
ejabberd, which is due to be installed in the Debian FTP archive:

ejabberd_2.0.1-6+lenny1.diff.gz
  to pool/main/e/ejabberd/ejabberd_2.0.1-6+lenny1.diff.gz
ejabberd_2.0.1-6+lenny1.dsc
  to pool/main/e/ejabberd/ejabberd_2.0.1-6+lenny1.dsc
ejabberd_2.0.1-6+lenny1_i386.deb
  to pool/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Konstantin Khomoutov <[email protected]> (supplier of updated ejabberd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 16 Apr 2009 04:17:58 +0400
Source: ejabberd
Binary: ejabberd
Architecture: source i386
Version: 2.0.1-6+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Torsten Werner <[email protected]>
Changed-By: Konstantin Khomoutov <[email protected]>
Description: 
 ejabberd   - Distributed, fault-tolerant Jabber/XMPP server written in Erlang
Closes: 520852
Changes: 
 ejabberd (2.0.1-6+lenny1) stable-security; urgency=high
 .
   * Apply upstream security fix for CVE-2009-0934.
     (Closes: #520852)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknmlEsACgkQ62zWxYk/rQe8CgCgv+8ajZk+RPzgryQUjlQY+vEh
X0kAn0E3Q1FzCCAeQWeAYE9YJeSGK0ac
=gqcz
-----END PGP SIGNATURE-----



--- End Message ---
