CVE-2022-0217/prosody: stretch ignored

author: Sylvain Beucler <beuc@beuc.net> 2022-01-24 20:43:21 +0100
committer: Sylvain Beucler <beuc@beuc.net> 2022-01-24 20:45:03 +0100
commit: 1afed79ae7eae98e1cf10a7a7060186ceebaa652 (patch)
tree: 2efb24fb73819beec725d57e64ac1a9a6236469f
parent: 62be7c5ade8810d6069577ffb54dbe3ac967368c (diff)
2 files changed, 1 insertions, 3 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index f1fe8240dc..5d079c37f2 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1798,6 +1798,7 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket
 	RESERVED
 	{DSA-5047-1}
 	- prosody 0.11.12-1 (bug #1003696)
+	[stretch] - prosody <ignored> (websocket module introduced in 0.10.0; internal XML API only used on trusted data)
 	NOTE: https://prosody.im/security/advisory_20220113/
 	NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
 	NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 4eab64ae0d..ca6cf90909 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -86,9 +86,6 @@ pgbouncer (Christoph Berg)
 pjproject
   NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
 --
-prosody (Sylvain Beucler)
-  NOTE: 20220114: upcoming DSA (Beuc)
---
 python2.7 (Anton)
   NOTE: 20220112: 3 postponed CVEs (Beuc)
   NOTE: 20220124: WIP
author	Sylvain Beucler <beuc@beuc.net>	2022-01-24 20:43:21 +0100
committer	Sylvain Beucler <beuc@beuc.net>	2022-01-24 20:45:03 +0100
commit	1afed79ae7eae98e1cf10a7a7060186ceebaa652 (patch)
tree	2efb24fb73819beec725d57e64ac1a9a6236469f
parent	62be7c5ade8810d6069577ffb54dbe3ac967368c (diff)