-
prosody (0.9.8-1ubuntu0.1) wily-security; urgency=medium
* SECURITY UPDATE: path traversal vulnerability in mod_http_files
- debian/patches/0008-CVE-2016-1231.patch
- CVE-2016-1231
- LP: #1532943
* SECURITY UPDATE: use of weak PRNG in generation of dialback secrets
- debian/patches/0009-CVE-2016-1232.patch
- CVE-2016-1232
- LP: #1532943
-- Felix Geyer <email address hidden> Mon, 11 Jan 2016 20:55:43 +0100
-
prosody (0.9.8-1) unstable; urgency=medium
* New upstream release.
* Remove the patch which validates UTF-8 strings before calling libidn
because it's already applied upstream:
- 0005-Validate-UTF-8-strings-before-calling-libidn.patch
* Remove from the package two patches already removed from the patch series:
- 0005-Disable-LuaExpat-buffering-if-possible.patch
- 0006-Also-disable-CharacterData-merging-after-stream-rest.patch
* Do not reload prosody configuration after its log is rotated if the daemon
is not actually running (closes: #763658).
* Rename the default snakeoil localhost certificate to localhost.crt to
match its name in the config file (closes: #748721).
* Apply upstream patch which fixes CNAME DNS record resolution
(closes: #787070):
- 0007-Fix-CNAME-DNS-lookup.patch
* Remove quilt from the package build dependencies.
* Bump the standards version to 3.9.6.
-- Sergei Golovan <email address hidden> Tue, 02 Jun 2015 18:27:08 +0300
-
prosody (0.9.7-2) unstable; urgency=high
* Apply upstream patch to validate UTF-8 strings before calling libidn
(related to CVE-2015-2059)
-- Enrico Tassi <email address hidden> Sat, 28 Mar 2015 16:20:07 +0100