This one gets urgend now. In combination with spectrum (http://spectrum.im) the
ejabberd beam process used 100% of the cpu and the load of the server increased
to 1.00.
This behavior is described in https://support.process-one.net/browse/EJAB-1213
Please update ejabberd asap for lucid!
--
Don'
If I understand the bug correctly, that's only half the story.
Badlop give an example for an exploit on 15/May/09 (sic!) at
https://support.process-one.net/browse/EJAB-930.
The restriction of a service - like the MUC-service in the example - is not a
misconfiguration but can be set very deliberat
Will the 2.1.4 be available for Ubuntu 10.04, too?
Otherwise the 2.1.2-2 should be patched.
--
Don't send error stanza as reply to error stanza (EJAB-930)
https://bugs.launchpad.net/bugs/596676
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubu
Public bug reported:
Binary package hint: ejabberd
Ejabberd replies with error stanza when ACL forbids the stanza even if
the original stanza is error-stanza itself.
RFC3920/9.3.1 says «An entity that receives an error stanza MUST NOT
respond to the stanza with a further error stanza; this helps
