diff options
Diffstat (limited to 'metadata/glsa/glsa-202105-15.xml')
-rw-r--r-- | metadata/glsa/glsa-202105-15.xml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202105-15.xml b/metadata/glsa/glsa-202105-15.xml new file mode 100644 index 000000000000..5f2b4e50cd67 --- /dev/null +++ b/metadata/glsa/glsa-202105-15.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-15"> + <title>Prosŏdy IM: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Prosŏdy IM, the worst + of which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">prosody</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>771144</bug> + <bug>789969</bug> + <access>remote</access> + <affected> + <package name="net-im/prosody" auto="yes" arch="*"> + <unaffected range="ge">0.11.9</unaffected> + <vulnerable range="lt">0.11.9</vulnerable> + </package> + </affected> + <background> + <p>Prosŏdy IM is a modern XMPP communication server. It aims to be easy to + set up and configure, and efficient with system resources. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Prosŏdy IM. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Prosŏdy IM users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/prosody-0.11.9" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32917">CVE-2021-32917</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32918">CVE-2021-32918</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32919">CVE-2021-32919</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32920">CVE-2021-32920</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32921">CVE-2021-32921</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T16:08:26Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:37:19Z">whissi</metadata> +</glsa> |