Debian Security Advisory
DLA-832-1 bitlbee -- LTS security update
- Date Reported: 23 Feb 2017
- Affected Packages: bitlbee
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2016-10188, CVE-2016-10189, CVE-2017-5668.
- More information:
- CVE-2017-5668
  Fix for incomplete fix for "Null pointer dereference with file transfer request from unknown contacts". (Though this package wasn't in Wheezy with this issue, I mention it here. The fix was done with the second patch for CVE-2016-10189.)
- CVE-2016-10189
  Null pointer dereference with file transfer request from unknown contacts.
- CVE-2016-10188
  Deactivate any incoming file transfer for bitlbee. This affects any libpurple protocol when used through BitlBee. It does not affect other libpurple-based clients such as pidgin.
For Debian 7 "Wheezy", these issues have been fixed in bitlbee version 3.0.5-1.2+deb7u1.