Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/mcabber@1.0.4-1.1
purl pkg:deb/debian/mcabber@1.0.4-1.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-d79u-7k2v-4qd4 MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. CVE-2016-9928
VCID-hdb9-p8sz-tfg9 An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4. CVE-2017-5604

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:18:48.134015+00:00 Debian Oval Importer Fixing VCID-hdb9-p8sz-tfg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:32:08.561636+00:00 Debian Oval Importer Fixing VCID-d79u-7k2v-4qd4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T23:52:26.320064+00:00 Debian Oval Importer Fixing VCID-hdb9-p8sz-tfg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:14:56.684981+00:00 Debian Oval Importer Fixing VCID-d79u-7k2v-4qd4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:24:23.485463+00:00 Debian Oval Importer Fixing VCID-hdb9-p8sz-tfg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:58:54.396722+00:00 Debian Oval Importer Fixing VCID-d79u-7k2v-4qd4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0