[Python-modules-team] Bug#854739: patch for CVE-2017-5591
W. Martin Borgert
debacle at debian.org
Thu Mar 23 21:39:45 UTC 2017
slixmpp has a simple patch:
slixmpp/plugins/xep_0280/carbons.py
@@ -61,10 +61,12 @@ def session_bind(self, jid):
self.xmpp.plugin['xep_0030'].add_feature('urn:xmpp:carbons:2')
def _handle_carbon_received(self, msg):
- self.xmpp.event('carbon_received', msg)
+ if msg['from'].bare == self.xmpp.boundjid.bare:
+ self.xmpp.event('carbon_received', msg)
def _handle_carbon_sent(self, msg):
- self.xmpp.event('carbon_sent', msg)
+ if msg['from'].bare == self.xmpp.boundjid.bare:
+ self.xmpp.event('carbon_sent', msg)
def enable(self, ifrom=None, timeout=None, callback=None,
timeout_callback=None):
Maybe it works for sleekxmpp, too. Will try soon.
More information about the Python-modules-team
mailing list