Your message dated Sun, 03 Jun 2018 11:02:16 +0000
with message-id <e1fpqm8-0007or...@fasolo.debian.org>
and subject line Bug#900524: fixed in prosody 0.9.12-2+deb9u2
has caused the Debian Bug report #900524,
regarding prosody: CVE-2018-10847: insufficient stream header validation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
900524: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900524
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: prosody
Version: 0.9.7-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 0.10.1-1
Control: forwarded -1 https://issues.prosody.im/1147
Hi,
The following vulnerability was published for prosody.
CVE-2018-10847[0]:
insufficient stream header validation
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10847
[1] https://issues.prosody.im/1147
[2] https://blog.prosody.im/prosody-0-10-2-security-release/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: prosody
Source-Version: 0.9.12-2+deb9u2
We believe that the bug you reported is fixed in the latest version of
prosody, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 900...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated prosody package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 31 May 2018 22:08:52 +0200
Source: prosody
Binary: prosody
Architecture: source
Version: 0.9.12-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Matthew James Wild <mwi...@gmail.com>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 900524
Description:
prosody - Lightweight Jabber/XMPP server
Changes:
prosody (0.9.12-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* mod_c2s: Do not allow the stream 'to' to change across stream restarts
(CVE-2018-10847) (Closes: #900524)
Checksums-Sha1:
8e16c8233efc84afe61481d20371ff88c0a7eb15 2221 prosody_0.9.12-2+deb9u2.dsc
067b8131b3cf6391192ec3fb8c84a456256fd32a 13500 prosody_0.9.12-2+deb9u2.debian.tar.xz
Checksums-Sha256:
760b74b9d6fb037d4459fa99e7fceee10e84eb917fa1399c750c5968f54262f3 2221 prosody_0.9.12-2+deb9u2.dsc
365818acd04f6d0c32832e9c74588652f803745a46e75319b93e86402219ffa4 13500 prosody_0.9.12-2+deb9u2.debian.tar.xz
Files:
530a19ca7a98c8a5c00177dddbd2d7a9 2221 net extra prosody_0.9.12-2+deb9u2.dsc
00bec6712771c4be834860f85930df8a 13500 net extra prosody_0.9.12-2+deb9u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---