[Git][security-tracker-team/security-tracker][master] Add upstream commits for prosody issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 13 18:05:01 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e32db63c by Salvatore Bonaccorso at 2021-05-13T19:04:39+02:00
Add upstream commits for prosody issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,31 +2,46 @@ CVE-2021-32923
RESERVED
CVE-2021-32922
RESERVED
-CVE-2021-32921
+CVE-2021-32921 [Use of timing-dependent string comparison with sensitive values]
RESERVED
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
-CVE-2021-32920
+ NOTE: https://hg.prosody.im/trunk/rev/c98aebe601f9
+ NOTE: https://hg.prosody.im/trunk/rev/13b84682518e
+ NOTE: https://hg.prosody.im/trunk/rev/6f56170ea986
+CVE-2021-32920 [DoS via repeated TLS renegotiation causing excessive CPU consumption]
RESERVED
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
-CVE-2021-32919
+ NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65
+ NOTE: https://hg.prosody.im/trunk/rev/5a484bd050a7
+ NOTE: https://hg.prosody.im/trunk/rev/aaf9c6b6d18d
+CVE-2021-32919 [Undocumented dialback-without-dialback option insecure]
RESERVED
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
-CVE-2021-32918
+ NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
+ NOTE: https://hg.prosody.im/trunk/rev/d0e9ffccdef9
+CVE-2021-32918 [DoS via insufficient memory consumption controls]
RESERVED
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
-CVE-2021-32917
+ NOTE: https://hg.prosody.im/trunk/rev/db8e41eb6eff
+ NOTE: https://hg.prosody.im/trunk/rev/b0d8920ed5e5
+ NOTE: https://hg.prosody.im/trunk/rev/929de6ade6b6
+ NOTE: https://hg.prosody.im/trunk/rev/63fd4c8465fb
+ NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5
+ NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db
+CVE-2021-32917 [Use of mod_proxy65 is unrestricted in default configuration]
RESERVED
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/65dcc175ef5b
CVE-2021-32916
RESERVED
CVE-2021-32915
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e32db63c8b2ff07d5557f2465ee56b505d4a5086
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e32db63c8b2ff07d5557f2465ee56b505d4a5086
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210513/ebbe09a3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list