A vulnerability has been discovered in slixmpp which can result in successful man-in-the-middle attacks.
|Package||dev-python/slixmpp on all architectures|
|Affected versions||< 1.8.3|
|Unaffected versions||>= 1.8.3|
slixmpp is a Python 3 library for XMPP.
slixmpp does not validate hostnames in certificates used by connected servers.
An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp.
There is no known workaround at this time.
All slixmpp users should upgrade to the latest version:
# emerge --sync # emerge --ask --upgrade --verbose ">=dev-python/slixmpp-1.8.3"
May 03, 2023
May 03, 2023: 1