FreeBSD Bugzilla – Attachment 226920 Details for
Bug 257597
security/vuxml: add net-im/prosody CVE-2021-37601
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
net-im/prosody remote information disclosure
vuxml.patch (text/plain), 1.23 KB, created by
Thomas Morper
on 2021-08-03 17:46:05 UTC
(
hide
)
Description:
net-im/prosody remote information disclosure
Filename:
MIME Type:
Creator:
Thomas Morper
Created:
2021-08-03 17:46:05 UTC
Size:
1.23 KB
patch
obsolete
>diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml >index 5c3aff7a6e3c..a61c47b3c5b4 100644 >--- a/security/vuxml/vuln-2021.xml >+++ b/security/vuxml/vuln-2021.xml >@@ -1,3 +1,31 @@ >+ <vuln vid="5ef14250-f47c-11eb-8f13-5b4de959822e"> >+ <topic>Prosody -- Remote Information Disclosure</topic> >+ <affects> >+ <package> >+ <name>prosody</name> >+ <range><lt>0.11.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>A Prosody XMPP server advisory reports:</p> >+ <blockquote cite="https://prosody.im/security/advisory_20210722/"> >+ <p>It was discovered that Prosody allows any entity to access the list of >+ admins, members, owners and banned entities of any federated XMPP group chat >+ of which they know the address.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2021-37601</cvename> >+ <url>https://prosody.im/security/advisory_20210722/</url> >+ </references> >+ <dates> >+ <discovery>2021-07-22</discovery> >+ <entry>2021-08-03</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="b1aa54ae-74cb-42a0-b462-cbb6831c5c50"> > <topic>RabbitMQ -- Denial of Service in AMQP1.0 plugin</topic> > <affects>
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 257597
: 226920