Bug 206707 - net-im/prosody: Update to 0.9.10
Summary: net-im/prosody: Update to 0.9.10
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: David Thiel
URL: http://blog.prosody.im/prosody-0-9-10...
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-01-28 10:38 UTC by Anton Shestakov
Modified: 2016-02-14 00:07 UTC (History)
5 users (show)

See Also:
bugzilla: maintainer-feedback? (lx)
junovitch: merge-quarterly+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Shestakov 2016-01-28 10:38:46 UTC 
Prosody team is having a ball with CVEs recently, so they've released another update on their stable branch, 0.9.10, which fixes CVE-2016-0756. They strongly encourage users to upgrade: http://blog.prosody.im/prosody-0-9-10-released/
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-01-28 21:01:01 UTC 
A commit references this bug:

Author: lx
Date: Thu Jan 28 21:00:56 UTC 2016
New revision: 407422
URL: https://svnweb.freebsd.org/changeset/ports/407422

Log:
  vuxml for prosody CVE-2016-0756.

  PR:		206707
  Submitted by: Anton Shestakov

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-01-28 21:04:03 UTC 
A commit references this bug:

Author: lx
Date: Thu Jan 28 21:03:35 UTC 2016
New revision: 407423
URL: https://svnweb.freebsd.org/changeset/ports/407423

Log:
  Update to 0.9.10, fixing a user impersonation attack.

  PR:	206707
  Submitted by:	Anton Shestakov
  MFH:		2016Q1

Changes:
  head/net-im/prosody/Makefile
  head/net-im/prosody/distinfo
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-02-14 00:05:31 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Feb 14 00:04:51 UTC 2016
New revision: 408837
URL: https://svnweb.freebsd.org/changeset/ports/408837

Log:
  MFH: r407423

  Update to 0.9.10, fixing a user impersonation attack.

  PR:		206707
  Submitted by:	Anton Shestakov <av6@dwimlabs.net>
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/net-im/prosody/Makefile
  branches/2016Q1/net-im/prosody/distinfo
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2016-02-14 00:07:03 UTC 
MFH, set merge-quarterly+ to reflect MFH, tag 'security', and close PR.