[ejabberd] Vulnerability in 2.0.4

Nikolaus Polak nik at np-edv.at
Thu Mar 19 18:05:16 MSK 2009


Hello,

if I read the secunia website information about this bug correctly it
says "The vulnerability is reported in versions prior to 2.0.4." - so
the vulnarability is fixed with the 2.0.4 release.

If you mean the recent spam attacks in MuC's there is a patch here:
https://support.process-one.net/doc/display/XAAI/Fighting+Multi-User+Chat+SPAM+with+CAPTCHA
for ejabberd 2.0.4 (for Gentoo users I've got an ebuild in my overlay,
http://hg.linuxlovers.at/gentoo-overlay/ )

greetings,
Nik

----- "Jeffrey Rogiers" <jeffrey.rogiers at gmail.com> schrieb:

> http://www.securityfocus.com/bid/34133
> http://secunia.com/advisories/34340/
> 
> I've seen this reported in various places, but I haven't seen a patch
> anywhere. Has this been addressed?
> 
> Thanks,
> Jeffrey Rogiers
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd

-- 
Nikolaus Polak

Http://np-edv.at
Smtp: nik at np-edv.at
Xmpp: nik at linuxlovers.at
Mobile: +43 676 842266 22
Fleischmarkt 5, AUT-9020 Klagenfurt


More information about the ejabberd mailing list