Information on source package prosody

Available versions

ReleaseVersion
jessie0.9.7-2+deb8u4
stretch0.9.12-2+deb9u4
buster0.11.2-1+deb10u4
bullseye0.11.9-2+deb11u2
bookworm0.12.3-1
trixie0.12.4-1
sid0.12.4-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2022-0217vulnerablevulnerable (no DSA, ignored)fixedfixedfixedfixedfixedIt was discovered that an internal Prosody library to load XML based o ...
CVE-2021-37601vulnerablefixedvulnerable (no DSA)fixedfixedfixedfixedmuc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...
CVE-2021-32921vulnerablefixedfixedfixedfixedfixedfixedAn issue was discovered in Prosody before 0.11.9. It does not use a co ...
CVE-2021-32920vulnerablevulnerable (no DSA, ignored)fixedfixedfixedfixedfixedProsody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...
CVE-2021-32919vulnerablefixedfixedfixedfixedfixedfixedAn issue was discovered in Prosody before 0.11.9. The undocumented dia ...
CVE-2021-32918vulnerablevulnerable (no DSA, ignored)fixedfixedfixedfixedfixedAn issue was discovered in Prosody before 0.11.9. Default settings are ...
CVE-2021-32917vulnerablefixedfixedfixedfixedfixedfixedAn issue was discovered in Prosody before 0.11.9. The proxy65 componen ...

Resolved issues

BugDescription
TEMP-0579087-7F12A8prosody password world-readable
CVE-2018-10847prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authenticat ...
CVE-2017-18265Prosody before 0.10.0 allows remote attackers to cause a denial of ser ...
CVE-2016-1232The mod_dialback module in Prosody before 0.9.9 does not properly gene ...
CVE-2016-1231Directory traversal vulnerability in the HTTP file-serving module (mod ...
CVE-2016-0756The generate_dialback function in the mod_dialback module in Prosody b ...
CVE-2014-2745Prosody before 0.9.4 does not properly restrict the processing of comp ...
CVE-2014-2744plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightw ...
CVE-2011-2532The json.decode function in util/json.lua in Prosody 0.8.x before 0.8. ...
CVE-2011-2531Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect d ...
CVE-2011-2205Prosody before 0.8.1 does not properly detect recursion during entity ...

Security announcements

DSA / DLADescription
DSA-5047-2prosody - regression update
DSA-5047-1prosody - security update
DLA-2687-2prosody - regression update
DLA-2687-1prosody - security update
DSA-4916-2prosody - regression update
DSA-4916-1prosody - security update
DSA-4216-1prosody - security update
DSA-4198-1prosody - security update
DSA-3463-1prosody - security update
DLA-407-1prosody - security update
DLA-391-1prosody - security update
DSA-3439-1prosody - security update
DSA-2895-1prosody - security update
Search for package or bug name: Reporting problems