diff options
author | Sylvain Beucler <beuc@beuc.net> | 2022-01-24 20:43:21 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2022-01-24 20:45:03 +0100 |
commit | 83e02c5d263beebe201fefbf3d38a942c73c211d (patch) | |
tree | 0f60ed5d0422f4b4c9ef0035458ef2ec878ac55f | |
parent | 8d324850e77fc7dc4429d37c85acfdd61c426755 (diff) |
CVE-2022-0217/prosody: stretch ignored
-rw-r--r-- | data/CVE/2022.list | 1 | ||||
-rw-r--r-- | data/dla-needed.txt | 3 |
2 files changed, 1 insertions, 3 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list index f1fe8240dc..5d079c37f2 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1798,6 +1798,7 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket RESERVED {DSA-5047-1} - prosody 0.11.12-1 (bug #1003696) + [stretch] - prosody <ignored> (websocket module introduced in 0.10.0; internal XML API only used on trusted data) NOTE: https://prosody.im/security/advisory_20220113/ NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 4eab64ae0d..ca6cf90909 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -86,9 +86,6 @@ pgbouncer (Christoph Berg) pjproject NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) -- -prosody (Sylvain Beucler) - NOTE: 20220114: upcoming DSA (Beuc) --- python2.7 (Anton) NOTE: 20220112: 3 postponed CVEs (Beuc) NOTE: 20220124: WIP |