Bug 261209 - net-im/prosody: Update to 0.11.12
Summary: net-im/prosody: Update to 0.11.12
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Thomas Zander
URL: https://blog.prosody.im/prosody-0.11....
Keywords: security
Depends on: 261210
Blocks:
  Show dependency treegraph
 
Reported: 2022-01-14 21:11 UTC by Thomas Morper
Modified: 2022-01-16 12:55 UTC (History)
2 users (show)

See Also:
riggs: merge-quarterly+


Attachments
update net-im/prosody to 0.11.12 (873 bytes, patch)
2022-01-14 21:11 UTC, Thomas Morper
thomas: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Morper 2022-01-14 21:11:30 UTC
Created attachment 231014 [details]
update net-im/prosody to 0.11.12

net-im/prosody: update to 0.11.12

* Update to 0.11.12

ChangeLog:

  https://blog.prosody.im/prosody-0.11.12-released/
  https://prosody.im/security/advisory_20220113/

QA:

  * portlint: OK (1 warning regarding the use of /var/db)
  * testport: OK (poudriere: 12.3-AMD64/i386, 13.0-AMD64/ARM64)

This update fixes CVE-2022-0217.
Comment 1 Thomas Morper 2022-01-14 21:19:01 UTC
VuXML entry submitted in bug #261210.
Comment 2 commit-hook freebsd_committer 2022-01-16 07:09:32 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=73a52bb768b49b4a433411571f82bb910c2f577b

commit 73a52bb768b49b4a433411571f82bb910c2f577b
Author:     Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2022-01-16 06:43:27 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-01-16 07:08:49 +0000

    net-im/prosody: Update to upstream release 0.11.12

    Details:
    - Changelog see https://blog.prosody.im/prosody-0.11.12-released
    - Fixes a denial of service vulnerability (CVE-2022-0217)

    PR:             261209
    Reported by:    thomas@beingboiled.info (maintainer)
    MFH:            2022Q1
    Security:       CVE-2022-0217

 net-im/prosody/Makefile | 2 +-
 net-im/prosody/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 3 commit-hook freebsd_committer 2022-01-16 12:54:34 UTC
A commit in branch 2022Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d1dd259403ff3e3a9a52a71593704d5c2dae8e96

commit d1dd259403ff3e3a9a52a71593704d5c2dae8e96
Author:     Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2022-01-16 06:43:27 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-01-16 07:27:33 +0000

    net-im/prosody: Update to upstream release 0.11.12

    Details:
    - Changelog see https://blog.prosody.im/prosody-0.11.12-released
    - Fixes a denial of service vulnerability (CVE-2022-0217)

    PR:             261209
    Reported by:    thomas@beingboiled.info (maintainer)
    MFH:            2022Q1
    Security:       CVE-2022-0217

    (cherry picked from commit 73a52bb768b49b4a433411571f82bb910c2f577b)

 net-im/prosody/Makefile | 2 +-
 net-im/prosody/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)