It was discovered that there was a “roster push attack” vulnerability in mcabber, a console-based Jabber (XMPP) client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza (CVE-2016-9928).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | mcabber | < 0.10.1-9.1 | mcabber-0.10.1-9.1.mga5 |