[jadmin] FreeBSD Ports and jabberd14 (WAS Jabberd and
ICQ transport)
Matthias Wimmer
m at tthias.eu
Sat Sep 2 00:47:07 CDT 2006
Hi!
Renato Botelho schrieb:
> On 8/30/06, Paul Cahill <PaulC at car-part.com> wrote:
>> Just out of curiosity, why is the FreeBSD group removing jabberd14? Do
>> they not know that Jabbderd14 and Jabberd2 are two totally different
>> servers and projects?
>
> ===> jabber-1.4.3.1,1 has known vulnerabilities:
> => fd_set -- bitmap index overflow in multiple applications.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/4c005a5e-2541-4d95-80a0-00c76919aa66.html>
>
>
> This port is listed on VuXML about this vulnerability since
> 2004-12-12, and until now, we cannot find a fix for it.
>
> 1.4.4 version has no fix for it too, so, some committers decided to
> mark it as DEPRECATED, announce and wait some time for a fix.
>
> This fix didn't come and if it doesn't come in near future, port will
> be removed. If a fix come in future, port can be safely re-added.
I was not noticed about this vulnerability before 2006-06-20. A fix for
it is at present in trunk of jabberd14. I will release updated bugfix
releases 1.4.3.2 (fixing 1.4.3.1) and 1.4.4.1 (fixing 1.4.4) soon.
Matthias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4263 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/jadmin/attachments/20060902/6c8a2528/smime-0004.bin
More information about the JAdmin
mailing list