stable

prosody-0.9.9-2.el6

FEDORA-EPEL-2016-570414d664 created by robert 8 years ago for Fedora EPEL 6

Prosody 0.9.9

A summary of changes:

Security fixes

  • Fix path traversal vulnerability in mod_http_files (CVE-2016-1231)
  • Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

Bugs

  • Improve handling of CNAME records in DNS
  • Fix traceback when deleting a user in some configurations (issue #496)
  • MUC: restrict_room_creation could prevent users from joining rooms (issue #458)
  • MUC: fix occasional dropping of iq stanzas sent privately between occupants
  • Fix a potential memory leak in mod_pep

Additions

  • Add http:list() command to telnet to view active HTTP services
  • Simplify IPv4/v6 address selection code for outgoing s2s
  • Add support for importing SCRAM hashes from ejabberd

This update has been submitted for testing by robert.

8 years ago

This update has been pushed to testing.

8 years ago

robert edited this update.

New build(s):

  • prosody-0.9.9-2.el6

Removed build(s):

  • prosody-0.9.9-1.el6
8 years ago

This update has been submitted for testing by robert.

8 years ago

This update has been pushed to testing.

8 years ago
User Icon volter commented & provided feedback 8 years ago

I'm not using mod_http_files and I'm not sure what dialback secrets are, but it works for me.

This update has been submitted for stable by bodhi.

8 years ago
User Icon volter provided feedback 8 years ago
karma

This update has been pushed to stable.

8 years ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
disabled
Dates
submitted
8 years ago
in testing
8 years ago
in stable
8 years ago
modified
8 years ago
BZ#1296983 CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files
0
0
BZ#1296984 CVE-2016-1232 prosody: use of weak PRNG in generation of dialback secrets
0
0

Automated Test Results