
Bug 831140 (CVE-2022-0217)

Summary: <net-im/prosody-0.11.11: denial-of-service vulnerability in mod_websocket (CVE-2022-0217)
Product: Gentoo Security
Reporter: Conrad Kostecki <conikost>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: conikost
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://blog.prosody.im/prosody-0.11.12-released/
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description Conrad Kostecki gentoo-dev 2022-01-13 17:00:08 UTC
We are pleased to announce the release of Prosody 0.11.12.

This is a security release that addresses a denial-of-service
vulnerability that affects Prosody’s mod_websocket. For more information, refer to the advisory at https://prosody.im/security/advisory_20220113/

A summary of changes since the previous release:

Security

-   util.xml: Do not allow doctypes, comments or processing instructions

# Download

As usual, download instructions for many platforms can be found on our
download page: https://prosody.im/download

If you have any questions, comments or other issues with this release,
let us know! https://prosody.im/discuss

Comment 1 Larry the Git Cow gentoo-dev 2022-01-13 17:11:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09efbc7cf7ecf85e974891d0f7cae1b264c736da

commit 09efbc7cf7ecf85e974891d0f7cae1b264c736da
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2022-01-13 17:10:35 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-01-13 17:10:40 +0000

    net-im/prosody: drop 0.11.10, 0.11.11
    
    Bug: https://bugs.gentoo.org/803590
    Bug: https://bugs.gentoo.org/831140
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-im/prosody/Manifest               |   2 -
 net-im/prosody/prosody-0.11.10.ebuild | 102 ----------------------------------
 net-im/prosody/prosody-0.11.11.ebuild | 102 ----------------------------------
 3 files changed, 206 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a217e57700a72a3a2919fb1f40b0112c257e57a0

commit a217e57700a72a3a2919fb1f40b0112c257e57a0
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2022-01-13 17:09:25 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-01-13 17:09:25 +0000

    net-im/prosody: x86 stable
    
    Bug: https://bugs.gentoo.org/831140
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-im/prosody/prosody-0.11.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7190e92a99d6cb6ed140224ed2e4e5e142021d37

commit 7190e92a99d6cb6ed140224ed2e4e5e142021d37
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2022-01-13 17:08:35 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-01-13 17:08:35 +0000

    net-im/prosody: amd64 stable
    
    Bug: https://bugs.gentoo.org/831140
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-im/prosody/prosody-0.11.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8152eb0f238d49407a6c567f76a67f19f3a5b173

commit 8152eb0f238d49407a6c567f76a67f19f3a5b173
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2022-01-13 17:07:24 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-01-13 17:07:36 +0000

    net-im/prosody: add 0.11.12
    
    Bug: https://bugs.gentoo.org/831140
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-im/prosody/Manifest               |   1 +
 net-im/prosody/prosody-0.11.12.ebuild | 102 ++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+)

Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-13 21:27:32 UTC
Thanks!