Your message dated Fri, 14 Jan 2022 11:33:47 +0000 with message-id <e1n8kq3-000cyr...@fasolo.debian.org> and subject line Bug#1003696: fixed in prosody 0.11.12-1 has caused the Debian Bug report #1003696, regarding prosody: CVE-2022-0217: Unauthenticated Remote Denial of Service Attack in the WebSocket interface to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1003696: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003696 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: prosody Version: 0.11.11-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for prosody. CVE-2022-0217[0]: | Unauthenticated Remote Denial of Service Attack in the WebSocket | interface If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-0217 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0217 [1] https://prosody.im/security/advisory_20220113/ [2] https://www.openwall.com/lists/oss-security/2022/01/13/3 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: prosody Source-Version: 0.11.12-1 Done: Victor Seva <vs...@debian.org> We believe that the bug you reported is fixed in the latest version of prosody, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1003...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Victor Seva <vs...@debian.org> (supplier of updated prosody package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jan 2022 12:12:44 +0100 Source: prosody Architecture: source Version: 0.11.12-1 Distribution: unstable Urgency: high Maintainer: Debian XMPP Maintainers <pkg-xmpp-de...@lists.alioth.debian.org> Changed-By: Victor Seva <vs...@debian.org> Closes: 1003696 Changes: prosody (0.11.12-1) unstable; urgency=high . * New upstream version 0.11.12 addressing security issue - https://prosody.im/security/advisory_20220113/ + fixes CVE-2022-0217 (Closes: #1003696) Checksums-Sha1: 8f504db0b197ff744f172764e9a02e876f192ee6 1840 prosody_0.11.12-1.dsc 64c918439c2df130204dcd86398832cb7a481eb3 439656 prosody_0.11.12.orig.tar.gz 212f49e93ba3009bfe78509a0d9c37c7fb6151b9 28664 prosody_0.11.12-1.debian.tar.xz 5439e97e6ad896543d58a2ac63c8e93c7e2fa821 6686 prosody_0.11.12-1_amd64.buildinfo Checksums-Sha256: 3bec68f7614d83d59fcdb8c2090932e845d06bae3e3834d61dd835fb7b8653f1 1840 prosody_0.11.12-1.dsc 56cd52d820f5b3ed37e02d8a2577aa064bbc04db8e87fd18a6020eba0c10560d 439656 prosody_0.11.12.orig.tar.gz 74b470e74da60d637319fb83f5418794ba79e32a08149caf397687f62afd3d57 28664 prosody_0.11.12-1.debian.tar.xz 9b1d08f4ff70f005b5e06e0ce1e4a3b5b67d2d2e1f129bcdd2651876a687ba28 6686 prosody_0.11.12-1_amd64.buildinfo Files: 8bfa03dd20364d90e036fc3a3ef6567f 1840 net optional prosody_0.11.12-1.dsc 64a99571a5de84ace24d8142a1556d68 439656 net optional prosody_0.11.12.orig.tar.gz 232365b3ab53301cba536ff2801d0394 28664 net optional prosody_0.11.12-1.debian.tar.xz 2a0103ce61d41b031c21a656e876104b 6686 net optional prosody_0.11.12-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFFBAEBCgAvFiEE3S3PbKiJPTunbGuNsViYiXJxmOAFAmHhW/8RHHZzZXZhQGRl Ymlhbi5vcmcACgkQsViYiXJxmOC4Cgf+Jnle9mSdm7UVcGloRwqNQsHG9+hsXFWw ADd57vl9gfT5R4N94dabnhpNIFWex8pc+z4yziAqD7kKaQiFTpR/cppN0uAqTki4 eMdv1MSXN5JcYTV4vzet5xozDfX1oN7Oavswe1Q45GK2i585d0+3tIuRRQmbDOY/ fWPnFkLk+L/Hx9b0q+0ZYJfTocEOgSC2NkB2Mt98nKsz9fu9EQ/sx33fi6hZCgNF DTBwSya70AizinoMs4A/A2OVs7eEySj23HskXTbZ3ps8Phj8SY5AV8lGEGxfLDX7 cfI8O4m3B3CKAZCGI0TnpJkSeh6VQcHIfkaNLK8DHadjMADFmTL/wg== =qbK3 -----END PGP SIGNATURE-----
--- End Message ---
