CVE-2022-0217/prosody: stretch ignored

author: Sylvain Beucler <beuc@beuc.net> 2022-01-24 20:43:21 +0100
committer: Sylvain Beucler <beuc@beuc.net> 2022-01-24 20:45:03 +0100
commit: 83e02c5d263beebe201fefbf3d38a942c73c211d (patch)
tree: 0f60ed5d0422f4b4c9ef0035458ef2ec878ac55f
parent: 8d324850e77fc7dc4429d37c85acfdd61c426755 (diff)
2 files changed, 1 insertions, 3 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index f1fe8240dc..5d079c37f2 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1798,6 +1798,7 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket
 	RESERVED
 	{DSA-5047-1}
 	- prosody 0.11.12-1 (bug #1003696)
+	[stretch] - prosody <ignored> (websocket module introduced in 0.10.0; internal XML API only used on trusted data)
 	NOTE: https://prosody.im/security/advisory_20220113/
 	NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
 	NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 4eab64ae0d..ca6cf90909 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -86,9 +86,6 @@ pgbouncer (Christoph Berg)
 pjproject
   NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
 --
-prosody (Sylvain Beucler)
-  NOTE: 20220114: upcoming DSA (Beuc)
---
 python2.7 (Anton)
   NOTE: 20220112: 3 postponed CVEs (Beuc)
   NOTE: 20220124: WIP
author	Sylvain Beucler <beuc@beuc.net>	2022-01-24 20:43:21 +0100
committer	Sylvain Beucler <beuc@beuc.net>	2022-01-24 20:45:03 +0100
commit	83e02c5d263beebe201fefbf3d38a942c73c211d (patch)
tree	0f60ed5d0422f4b4c9ef0035458ef2ec878ac55f
parent	8d324850e77fc7dc4429d37c85acfdd61c426755 (diff)