Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is availabl
** Changed in: debian
Status: Unknown => Fix Released
https://bugs.launchpad.net/bugs/1747893
Title:
jabberd2 before 2.6.1 allows anyone to authenticate using SASL
ANONYMOUS,
** Description changed:
Xenial 16.04.3 LTS ships with jabberd2 version 2.3.4-1ubuntu2 (as of
this report). This version is vulnerable to CVE-2017-10807, namely it
allows "anonymous" SASL authentication even when that option is switched
off in the configuration:
```
Feb 06 13:34:24 d
```