Prosody 0.9.9 was recently released, and it fixes CVE-2016-1231 and CVE-2016-1232: http://blog.prosody.im/prosody-0-9-9-security-release/ It would be nice to have this version in ports. I'd make a patch, but I'm not a FreeBSD user and don't have the experience with ports (at least yet).
A commit references this bug: Author: lx Date: Tue Jan 12 21:31:17 UTC 2016 New revision: 405917 URL: https://svnweb.freebsd.org/changeset/ports/405917 Log: Update to 0.9.9, fixing several bugs including security issues. PR: 206150 Submitted by: Anton Shestakov MFH: 2016Q1 Changes: head/net-im/prosody/Makefile head/net-im/prosody/distinfo
Committed, thanks for the heads-up!
A commit references this bug: Author: junovitch Date: Thu Jan 14 00:26:00 UTC 2016 New revision: 406085 URL: https://svnweb.freebsd.org/changeset/ports/406085 Log: Document two vulnerabilities in Prosody PR: 206150 Reported by: Anton Shestakov <av6@dwimlabs.net> Security: CVE-2016-1232 Security: CVE-2016-1231 Security: https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html Changes: head/security/vuxml/vuln.xml
Ping and set as open again. Has the approval for the MFH that was automatically trigger by the commit message come back? The PR should be closed and "merge-quarterly+" set when the MFH is made.
A commit references this bug: Author: junovitch Date: Tue Jan 26 03:57:15 UTC 2016 New revision: 407259 URL: https://svnweb.freebsd.org/changeset/ports/407259 Log: MFH: r405917 Update to 0.9.9, fixing several bugs including security issues. PR: 206150 Submitted by: Anton Shestakov Approved by: ports-secteam (feld) Security: CVE-2016-1232 Security: CVE-2016-1231 Security: https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html Changes: _U branches/2016Q1/ branches/2016Q1/net-im/prosody/Makefile branches/2016Q1/net-im/prosody/distinfo
Close again and set merge-quarterly+ after MFH.