Attachment #224910 for bug #255849

View | Details | Raw Unified | Return to bug 255849
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="fc75570a-b417-11eb-a23d-c7ab331fd711">
    <topic>Prosody -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>prosody</name>
	<range><lt>0.11.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Prosody security advisory 2021-05-12 reports:</p>
	<blockquote cite="https://prosody.im/security/advisory_20210512/">
	  <p>
	    This advisory details 5 new security vulnerabilities discovered in the
	    Prosody.im XMPP server software. All issues are fixed in the 0.11.9
	    release default configuration.
	  </p>
	  <ul>
	    <li>CVE-2021-32918: DoS via insufficient memory consumption controls</li>
	    <li>CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive CPU consumption</li>
	    <li>CVE-2021-32921: Use of timing-dependent string comparison with sensitive values</li>
	    <li>CVE-2021-32917: Use of mod_proxy65 is unrestricted in default configuration</li>
	    <li>CVE-2021-32919: Undocumented dialback-without-dialback option insecure</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32918</cvename>
      <cvename>CVE-2021-32920</cvename>
      <cvename>CVE-2021-32921</cvename>
      <cvename>CVE-2021-32917</cvename>
      <cvename>CVE-2021-32919</cvename>
    </references>
    <dates>
      <discovery>2021-05-12</discovery>
      <entry>2021-05-13</entry>
    </dates>
  </vuln>

  <vuln vid="3e0ca488-b3f6-11eb-a5f7-a0f3c100ae18">
    <topic>ImageMagick6 -- multiple vulnerabilities</topic>
    <affects>

Return to bug 255849

Lines 76-81 Notes: Link Here

(-)b/security/vuxml/vuln.xml (+40 lines)
76	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	76	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
77	-->	77	-->
78	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	78	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		79	<vuln vid="fc75570a-b417-11eb-a23d-c7ab331fd711">
		80	<topic>Prosody -- multiple vulnerabilities</topic>
		81	<affects>
		82	<package>
		83	<name>prosody</name>
		84	<range><lt>0.11.9</lt></range>
		85	</package>
		86	</affects>
		87	<description>
		88	<body xmlns="http://www.w3.org/1999/xhtml">
		89	<p>The Prosody security advisory 2021-05-12 reports:</p>
		90	<blockquote cite="https://prosody.im/security/advisory_20210512/">
		91	<p>
		92	This advisory details 5 new security vulnerabilities discovered in the
		93	Prosody.im XMPP server software. All issues are fixed in the 0.11.9
		94	release default configuration.
		95	</p>
		96	<ul>
		97	<li>CVE-2021-32918: DoS via insufficient memory consumption controls</li>
		98	<li>CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive CPU consumption</li>
		99	<li>CVE-2021-32921: Use of timing-dependent string comparison with sensitive values</li>
		100	<li>CVE-2021-32917: Use of mod_proxy65 is unrestricted in default configuration</li>
		101	<li>CVE-2021-32919: Undocumented dialback-without-dialback option insecure</li>
		102	</ul>
		103	</blockquote>
		104	</body>
		105	</description>
		106	<references>
		107	<cvename>CVE-2021-32918</cvename>
		108	<cvename>CVE-2021-32920</cvename>
		109	<cvename>CVE-2021-32921</cvename>
		110	<cvename>CVE-2021-32917</cvename>
		111	<cvename>CVE-2021-32919</cvename>
		112	</references>
		113	<dates>
		114	<discovery>2021-05-12</discovery>
		115	<entry>2021-05-13</entry>
		116	</dates>
		117	</vuln>
		118
79	<vuln vid="3e0ca488-b3f6-11eb-a5f7-a0f3c100ae18">	119	<vuln vid="3e0ca488-b3f6-11eb-a5f7-a0f3c100ae18">
80	<topic>ImageMagick6 -- multiple vulnerabilities</topic>	120	<topic>ImageMagick6 -- multiple vulnerabilities</topic>
81	<affects>	121	<affects>