diff options
author | Sylvain Beucler <beuc@beuc.net> | 2022-01-24 20:43:21 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2022-01-24 20:45:03 +0100 |
commit | 1afed79ae7eae98e1cf10a7a7060186ceebaa652 (patch) | |
tree | 2efb24fb73819beec725d57e64ac1a9a6236469f | |
parent | 62be7c5ade8810d6069577ffb54dbe3ac967368c (diff) |
CVE-2022-0217/prosody: stretch ignored
-rw-r--r-- | data/CVE/list.2022 | 1 | ||||
-rw-r--r-- | data/dla-needed.txt | 3 |
2 files changed, 1 insertions, 3 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index f1fe8240dc..5d079c37f2 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1798,6 +1798,7 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket RESERVED {DSA-5047-1} - prosody 0.11.12-1 (bug #1003696) + [stretch] - prosody <ignored> (websocket module introduced in 0.10.0; internal XML API only used on trusted data) NOTE: https://prosody.im/security/advisory_20220113/ NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 4eab64ae0d..ca6cf90909 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -86,9 +86,6 @@ pgbouncer (Christoph Berg) pjproject NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) -- -prosody (Sylvain Beucler) - NOTE: 20220114: upcoming DSA (Beuc) --- python2.7 (Anton) NOTE: 20220112: 3 postponed CVEs (Beuc) NOTE: 20220124: WIP |