Bug 261210 - security/vuxml: Add Prosody XMPP server advisory 2022-01-13
Summary: security/vuxml: Add Prosody XMPP server advisory 2022-01-13
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Thomas Zander
URL: https://prosody.im/security/advisory_...
Keywords: security
Depends on:
Blocks: 261209
  Show dependency treegraph
 
Reported: 2022-01-14 21:17 UTC by Thomas Morper
Modified: 2022-01-16 06:42 UTC (History)
1 user (show)

See Also:
riggs: maintainer-feedback+
riggs: merge-quarterly-


Attachments
add Prosody XMPP server advisory 2022-01-13 (1.42 KB, patch)
2022-01-14 21:17 UTC, Thomas Morper
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Morper 2022-01-14 21:17:52 UTC
Created attachment 231015 [details]
add Prosody XMPP server advisory 2022-01-13

Add Prosody XMPP server advisory 2022-01-13.
The recommended mitigation is to upgrade to Prosody 0.11.12.
An update for net-im/prosody has been submitted in bug #261209.
Comment 1 commit-hook freebsd_committer 2022-01-16 06:33:25 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=504d5f3edc06d542cdcd9c7d64a9c2f611a4e8b4

commit 504d5f3edc06d542cdcd9c7d64a9c2f611a4e8b4
Author:     Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2022-01-16 06:30:30 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-01-16 06:30:30 +0000

    security/vuxml: Document Prosody XMPP server advisory 2022-01-13

    PR:             261210
    Reported by:    thomas@beingboiled.info
    Security:       CVE-2022-0217

 security/vuxml/vuln-2022.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 2 Thomas Zander freebsd_committer 2022-01-16 06:41:59 UTC
The vuxml file is updated only on main, not on the quarterly branches.