Release notes of ejabberd 2.0.4: http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204 Cite: # MUC: Prevent XSS in MUC logs by linkifying only a few known protocols
CVE-2009-0934 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0934): Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
2.0.4 is now in portage
Arches, please test and mark stable: =net-im/ejabberd-2.0.4 Target keywords : "amd64 x86"
amd64/x86 stable, all arches done.
GLSA voting, please. I'm tempted to say NO.
XSS => no, closing.