Ubuntu
jabberd2 package

badly needs an update

Bug #1044039 reported by Brian J. Murrell
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
jabberd2 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Jabberd2 has fixed a number of bugs in 2.2.15:

https://bugs.launchpad.net/jabberd2/+bug/899284
https://bugs.launchpad.net/jabberd2/+bug/374687

It would be very nice to see an update in Ubuntu Linux that reflects this progress. If I am reading https://launchpad.net/jabberd2/master/2.2.8 correctly, the version you are packaging and shipping is over 3(!) years old.

Thanks for your consideration.

CVE References

Revision history for this message
Jeremy Bícha (jbicha) wrote :

This bug was fixed in the package jabberd2 - 2.2.17-1

---------------
jabberd2 (2.2.17-1) unstable; urgency=low

  * New upstream version (Closes: #637112, #547767).
  * New version patches user security hole (Closes: #685666).
  * debian/init: added Should-Start/Should-Stop dependency for MySQL
    (Closes: #673243).
  * debian/watch: updated URL (Closes: #543415).
  * debian/dirs, debian/postinst: removed /var/run/jabber2 (Closes: #689538).
  * debian/component.d: removed 20resolver. Resolver is not included anymore
    (Closes: #689539).
  * Added myself to uploaders list (Closes: #589304).
  * debian/init, debian/component.d/*: Make less bashish.
  * debian/control: Remove inactive uploaders from list.
  * Make it a debhelper package:
    + debian/rules: dh compliant.
    + debian/install: file created. Needed for rules.
    + debian/default: made some corrections and comments.
    + debian/control: remove hardening-includes.
    + debian/lintianoverride: added *-has-useless-call-to-ldconfig.
  * debian/TODO: updated.
  * debian/prerm: removed because not needed.
  * debian/control: moved adduser from Depends to Pre-Depends.
  * debian/copyright: new format, updated maintainer information.
  * debian/TODO: added file.
  * Removed CVE-2011-1755.dpatch. Is now included in upstream source.
  * Removed implicit-pointer-conversion.dpatch. Is now included in
    upstream source.
  * debian/control: changed homepage URL.
  * debian/control: changed debhelper dependency to >= 9.0.0.
  * debian/control: added ${misc:Depends} to binairy packages.
  * debian/control: added Vcs-git and Vcs-Browser tags.
  * debian/control: added hardening-includes to dependecies.
  * debian/init: added Description tag.
  * debian/init, debian/component.d/*: added status option.
  * debian/init, debian/default: removed resolver entries.
  * debian/rules: removed unrecognized enable-sasl and disable-rpath
    options and added --with-sasl=gsasl option to configure.
  * debian/rules: include hardening options.
  * debian/rules: added build-arch, build-indep.
  * Now quilt 3.0 compatible.
  * debian/preinst, debian/postrm: removed resolver entries.
  * debian/lintian-overrides: overrides false positives.
  * Added patches man_hypen.diff, sm_typo.diff and usr_etc.diff.
  * Add patch to remove config.guess and config.sub from upstream.
    debian/rules: remove 'rm config.guess and config.sub'.
  * Bumped up Standards Version to 3.9.4.
  * Bumped up debhelper to 9.

 -- Willem van den Akker <email address hidden> Wed, 16 Jan 2013 10:00:41 +0100

Changed in jabberd2 (Ubuntu):
status: New → Fix Released
Revision history for this message
Brian J. Murrell (brian-interlinx) wrote :

So, will this be backported to LTS (precise) given that it fixes a known security issue: CVE 2011-1755.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.