Package: ejabberd
Severity: grave
Tags: patch security

A remotely exploitable denial of service vulnerability has been found in ejabberd which allows an attacker to crash it because of a message queue overload when sending too many client2server messages to the server (e.g. via a rogue client).

Patches are available at:
https://support.process-one.net/browse/EJAB-1173;jsessionid=CC9A1D875A20197DD4571444DA8C1EFB?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

CVE-2010-0305 has been assigned to this issue. Please mention this CVE id in the changelog when fixing this bug.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.