path: root/english/lts/security/2016/dla-407.wml
blob: 70a5fe7a8a79cde70945eecbf70d7abecc7c37f0
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>The flaw allows a malicious server to impersonate the vulnerable domain
to any XMPP domain whose domain name includes the attacker's domain as a
suffix.</p>

<p>For example, <q>bber.example</q> would be able to connect to <q>jabber.example</q>
and successfully impersonate any vulnerable server on the network.</p>

<p>This release also fixes a regression introduced in the previous
<a href="https://security-tracker.debian.org/tracker/CVE-2016-1232">CVE-2016-1232</a> fix: s2s doesn't work if /dev/urandom is read-only.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2016/dla-407.data"
# $Id$
