Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#71641 - [prosody] [Security] information disclosure (CVE-2021-37601)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Wednesday, 28 July 2021, 18:46 GMT
Last edited by Jonas Witschel (diabonas) - Tuesday, 03 August 2021, 14:48 GMT
Opened by Jonas Witschel (diabonas) - Wednesday, 28 July 2021, 18:46 GMT
Last edited by Jonas Witschel (diabonas) - Tuesday, 03 August 2021, 14:48 GMT
|
DetailsSummary
======= The package prosody is vulnerable to information disclosure via CVE-2021-37601. Guidance ======== Applying the patch referenced below fixes the issue. According to the advisory, "The attached patch is considered a viable fix of the issue. Distributions are encouraged to pick it up ASAP, even before an official release by the Prosody team." References ========== https://security.archlinux.org/AVG-2237 https://prosody.im/security/advisory_20210722/ https://prosody.im/security/advisory_20210722/1.patch |
This task depends upon
Closed by Jonas Witschel (diabonas)
Tuesday, 03 August 2021, 14:48 GMT
Reason for closing: Fixed
Additional comments about closing: prosody 1:0.11.10-1
Tuesday, 03 August 2021, 14:48 GMT
Reason for closing: Fixed
Additional comments about closing: prosody 1:0.11.10-1