FEDORA-EPEL-2016-d4bdacdc4a created by robert 4 years ago for Fedora EPEL 5
stable

Prosody 0.9.9

A summary of changes:

Security fixes

  • Fix path traversal vulnerability in mod_http_files (CVE-2016-1231)
  • Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

Bugs

  • Improve handling of CNAME records in DNS
  • Fix traceback when deleting a user in some configurations (issue #496)
  • MUC: restrict_room_creation could prevent users from joining rooms (issue #458)
  • MUC: fix occasional dropping of iq stanzas sent privately between occupants
  • Fix a potential memory leak in mod_pep

Additions

  • Add http:list() command to telnet to view active HTTP services
  • Simplify IPv4/v6 address selection code for outgoing s2s
  • Add support for importing SCRAM hashes from ejabberd

This update has been submitted for testing by robert.

4 years ago

This update has been pushed to testing.

4 years ago

robert edited this update.

New build(s):

  • prosody-0.9.9-2.el5

Removed build(s):

  • prosody-0.9.9-1.el5
4 years ago

This update has been submitted for testing by robert.

4 years ago

This update has been pushed to testing.

4 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by robert.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
disabled
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
modified
4 years ago
BZ#1296983 CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files
0
0
BZ#1296984 CVE-2016-1232 prosody: use of weak PRNG in generation of dialback secrets
0
0

Automated Test Results