Publishing details

Published on 2022-01-30

Changelog

prosody (0.11.4-1ubuntu0.1~jdstrand1) focal; urgency=medium

  * SECURITY UPDATE: mod_proxy65: Restrict access to local c2s connections by
    default. Patch thanks to Debian
    - 0006-CVE-2021-32917.patch
  * SECURITY UPDATE: adjust default settings to impose limits to guard against
    unauthenticated DoS. Patch thanks to Debian
    - 0007-CVE-2021-32918.patch
  * SECURITY UPDATE: mod_dialback: Use correct host for certificate check.
    Patch thanks to Debian
    - 0008-CVE-2021-32919.patch
  * SECURITY UPDATE: disable SSL/TLS renegotiation be default. Patch thanks to
    Debian
    - 0009-CVE-2021-32920.patch
  * SECURITY UPDATE: Add and use constant-time string comparison (binding to
    CRYPTO_memcmp). Patch thanks to Debian
    - 0010-CVE-2021-32921.patch
  * SECURITY UPDATE: don't expose entity lists to non chat members
    - 0011-CVE-2021-37601.patch
  * SECURITY UPDATE: restrict XML features allowed in parsed XML data. Patch
    thanks to Debian
    - 0012-CVE-2022-0217.patch
  * 0013-CVE-2022-0217-fix-memory-leak.patch: fix memory leak introduced in
    0012-CVE-2022-0217.patch. Patch thanks to Debian.

 -- Jamie Strandboge <email address hidden>  Sun, 30 Jan 2022 14:55:34 +0000

Available diffs

diff from 0.11.4-1 (in Debian) to 0.11.4-1ubuntu0.1~jdstrand1 (12.8 KiB)

Builds

amd64

Built packages

prosody Lightweight Jabber/XMPP server

Package files

prosody_0.11.4-1ubuntu0.1~jdstrand1.debian.tar.xz (37.8 KiB)
prosody_0.11.4-1ubuntu0.1~jdstrand1.dsc (2.2 KiB)
prosody_0.11.4-1ubuntu0.1~jdstrand1_amd64.deb (295.1 KiB)
prosody_0.11.4.orig.tar.gz (413.6 KiB)