Security update for mcabber
This update for mcabber fixes the following issues:
- Update to version 1.0.4 (changes since 1.0.2):
* Check the origin of roster pushes (boo#1014976, CVE-2015-8688 (Gajim),
https://gultsch.de/gajim_roster_push_and_message_interception.html)
* Link with the tinfo library.
* Fix default modules directory on OpenBSD.
* Create the history log directory if it doesn't exist.
* [OTR] Do not send empty subjects.
* [UI] /set does not display password values anymore.
* [MUC] Use nick to set the role.
* Misc help/documentation updates.
-
Submitted by
Alexei Sorokin (XRevan86)
Fixed bugs
bnc#1014976
VUL-1: CVE-2016-9928: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza
