Publishing details
Changelog
prosody (0.11.4-1ubuntu0.1~jdstrand1) focal; urgency=medium
* SECURITY UPDATE: mod_proxy65: Restrict access to local c2s connections by
default. Patch thanks to Debian
- 0006-CVE-2021-32917.patch
* SECURITY UPDATE: adjust default settings to impose limits to guard against
unauthenticated DoS. Patch thanks to Debian
- 0007-CVE-2021-32918.patch
* SECURITY UPDATE: mod_dialback: Use correct host for certificate check.
Patch thanks to Debian
- 0008-CVE-2021-32919.patch
* SECURITY UPDATE: disable SSL/TLS renegotiation be default. Patch thanks to
Debian
- 0009-CVE-2021-32920.patch
* SECURITY UPDATE: Add and use constant-time string comparison (binding to
CRYPTO_memcmp). Patch thanks to Debian
- 0010-CVE-2021-32921.patch
* SECURITY UPDATE: don't expose entity lists to non chat members
- 0011-CVE-2021-37601.patch
* SECURITY UPDATE: restrict XML features allowed in parsed XML data. Patch
thanks to Debian
- 0012-CVE-2022-0217.patch
* 0013-CVE-2022-0217-fix-memory-leak.patch: fix memory leak introduced in
0012-CVE-2022-0217.patch. Patch thanks to Debian.
-- Jamie Strandboge <email address hidden> Sun, 30 Jan 2022 14:55:34 +0000
Builds
Built packages
-
prosody
Lightweight Jabber/XMPP server
Package files