Bug 228662 - net-im/prosody Security Advisory
Summary: net-im/prosody Security Advisory
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: David Thiel
URL: https://prosody.im/security/advisory_...
 
Reported: 2018-06-01 10:23 UTC by FiLiS
Modified: 2018-06-01 20:58 UTC (History)
bugzilla: maintainer-feedback? (lx)

Description FiLiS freebsd_committer freebsd_triage 2018-06-01 10:23:11 UTC
Due to insufficient validation of client-provided parameters during XMPP stream restarts, authenticated users may override the realm associated with their session, potentially bypassing security policies and allowing impersonation.

All users should upgrade to at least 0.9.14 or 0.10.2.

https://issues.prosody.im/1147
Comment 1 David Thiel freebsd_committer freebsd_triage 2018-06-01 20:58:57 UTC
Update committed.