Candidate: CVE-2017-5592
PublicDate: 2017-02-09 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5592
 http://openwall.com/lists/oss-security/2017/02/09/29
 https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b
 https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
 https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
Description:
 An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP
 clients allows a remote attacker to impersonate any user, including
 contacts, in the vulnerable application's display. This allows for various
 kinds of social engineering attacks. This CVE is for profanity (0.4.7 -
 0.5.0).
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854735
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N [5.9 MEDIUM]

Patches_profanity:
upstream_profanity: released (0.5.1-1)
precise_profanity: DNE
precise/esm_profanity: DNE
trusty_profanity: DNE
trusty/esm_profanity: DNE
vivid/stable-phone-overlay_profanity: DNE
vivid/ubuntu-core_profanity: DNE
xenial_profanity: ignored (end of standard support, was needed)
yakkety_profanity: ignored (reached end-of-life)
zesty_profanity: ignored (reached end-of-life)
artful_profanity: ignored (reached end-of-life)
bionic_profanity: not-affected (0.5.1-3)
cosmic_profanity: not-affected (0.5.1-3)
disco_profanity: not-affected (0.5.1-3)
eoan_profanity: not-affected (0.5.1-3)
focal_profanity: not-affected (0.5.1-3)
groovy_profanity: not-affected (0.5.1-3)
hirsute_profanity: not-affected (0.5.1-3)
impish_profanity: not-affected (0.5.1-3)
jammy_profanity: not-affected (0.5.1-3)
devel_profanity: not-affected (0.5.1-3)