[Python-modules-team] Bug#854739: patch for CVE-2017-5591

W. Martin Borgert debacle at debian.org
Thu Mar 23 21:39:45 UTC 2017


slixmpp has a simple patch:

slixmpp/plugins/xep_0280/carbons.py
@@ -61,10 +61,12 @@ def session_bind(self, jid):
         self.xmpp.plugin['xep_0030'].add_feature('urn:xmpp:carbons:2')
 
     def _handle_carbon_received(self, msg):
-        self.xmpp.event('carbon_received', msg)
+        if msg['from'].bare == self.xmpp.boundjid.bare:
+            self.xmpp.event('carbon_received', msg)
 
     def _handle_carbon_sent(self, msg):
-        self.xmpp.event('carbon_sent', msg)
+        if msg['from'].bare == self.xmpp.boundjid.bare:
+            self.xmpp.event('carbon_sent', msg)
 
     def enable(self, ifrom=None, timeout=None, callback=None,
                timeout_callback=None):

Maybe it works for sleekxmpp, too. Will try soon.



More information about the Python-modules-team mailing list