Author: agx
Date: 2016-01-28 20:02:57 +0000 (Thu, 28 Jan 2016)
New Revision: 39273
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Prosody affected by CVE-2016-0756
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-28 19:29:47 UTC (rev 39272)
+++ data/CVE/list 2016-01-28 20:02:57 UTC (rev 39273)
@@ -3896,6 +3896,8 @@
RESERVED
- prosody <unfixed>
NOTE: http://blog.prosody.im/prosody-0-9-10-released/
+ NOTE: https://prosody.im/security/advisory_20160127/
+ NOTE: Upstream fix
https://github.com/bjc/prosody/commit/8708def4f55e61acdd5b2c762d420ab40da0d015
TODO: check versions
CVE-2016-0755 [NTLM credentials not-checked for proxy connection re-use]
RESERVED
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-01-28 19:29:47 UTC (rev 39272)
+++ data/dla-needed.txt 2016-01-28 20:02:57 UTC (rev 39273)
@@ -62,5 +62,8 @@
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
+prosody
+ NOTE: affected code in core/s2smanager.lua
+--
tiff (Damyan Ivanov)
--
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
