Bug 261210 - security/vuxml: Add Prosody XMPP server advisory 2022-01-13
Summary: security/vuxml: Add Prosody XMPP server advisory 2022-01-13
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Thomas Zander
URL: https://prosody.im/security/advisory_...
Keywords: security
Depends on:
Blocks: 261209
  Show dependency treegraph
 
Reported: 2022-01-14 21:17 UTC by Thomas Morper
Modified: 2022-01-16 06:42 UTC (History)
1 user (show)

See Also:
riggs: maintainer-feedback+
riggs: merge-quarterly-

Attachments
add Prosody XMPP server advisory 2022-01-13 (1.42 KB, patch)
2022-01-14 21:17 UTC, Thomas Morper 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Morper 2022-01-14 21:17:52 UTC 
Created attachment 231015 [details]
add Prosody XMPP server advisory 2022-01-13

Add Prosody XMPP server advisory 2022-01-13.
The recommended mitigation is to upgrade to Prosody 0.11.12.
An update for net-im/prosody has been submitted in bug #261209.
Comment 1 commit-hook freebsd_committer freebsd_triage 2022-01-16 06:33:25 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=504d5f3edc06d542cdcd9c7d64a9c2f611a4e8b4

commit 504d5f3edc06d542cdcd9c7d64a9c2f611a4e8b4
Author:     Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2022-01-16 06:30:30 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-01-16 06:30:30 +0000

    security/vuxml: Document Prosody XMPP server advisory 2022-01-13

    PR:             261210
    Reported by:    thomas@beingboiled.info
    Security:       CVE-2022-0217

 security/vuxml/vuln-2022.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 2 Thomas Zander freebsd_committer freebsd_triage 2022-01-16 06:41:59 UTC 
The vuxml file is updated only on main, not on the quarterly branches.