CVE-2012-3525
Published: 25 August 2012
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
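The missing check, sketched as an added example in C (not jabberd2's code or its patch): a server records each dialback request it sends and accepts a Verify Response or Authorization Response only when it answers one of them. All names are hypothetical, domains are assumed to be already normalized, and the stream ID a real implementation would also match is left out.

```c
#include <string.h>

/* Added illustration with hypothetical names; not jabberd2 code. */
enum db_kind { DB_RESULT, DB_VERIFY };  /* Authorization vs. Verify exchange */

struct db_pending {
    int in_use;
    enum db_kind kind;
    char local[64];    /* domain the request was sent as */
    char remote[64];   /* domain the request was sent to */
};

#define DB_MAX_PENDING 16
static struct db_pending pending[DB_MAX_PENDING];

/* Record an outgoing dialback request. Returns 0, or -1 if it cannot be stored. */
int db_request_sent(enum db_kind kind, const char *local, const char *remote)
{
    if (strlen(local) >= sizeof pending[0].local ||
        strlen(remote) >= sizeof pending[0].remote)
        return -1;
    for (int i = 0; i < DB_MAX_PENDING; i++) {
        if (!pending[i].in_use) {
            pending[i].in_use = 1;
            pending[i].kind = kind;
            strcpy(pending[i].local, local);
            strcpy(pending[i].remote, remote);
            return 0;
        }
    }
    return -1;
}

/* Return 1 only if a response of this kind from `from` to `to` answers a
 * request we sent; the entry is consumed so a replay is rejected too. */
int db_response_expected(enum db_kind kind, const char *from, const char *to)
{
    for (int i = 0; i < DB_MAX_PENDING; i++) {
        if (pending[i].in_use && pending[i].kind == kind &&
            strcmp(pending[i].remote, from) == 0 &&
            strcmp(pending[i].local, to) == 0) {
            pending[i].in_use = 0;
            return 1;
        }
    }
    return 0;   /* unsolicited: drop it, do not mark the domain as verified */
}
```
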
Priority
Status
Package | Release | Status |
---|---|---|
jabberd2 (Launchpad, Ubuntu, Debian) | hardy | Released (2.0s11-1ubuntu4.2) |
jabberd2 | lucid | Released (2.2.8-2ubuntu4.0.10.04.2) |
jabberd2 | natty | Ignored (end of life) |
jabberd2 | oneiric | Released (2.2.8-2ubuntu6.1) |
jabberd2 | precise | Released (2.2.8-2.2ubuntu0.12.04.1) |
jabberd2 | quantal | Released (2.2.8-2.2ubuntu1) |
jabberd2 | upstream | Needs triage |

Patches: other: https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d