Re: [SECURITY] [DLA 2687-2] prosody regression update

Mon, 21 Jun 2021 08:11:51 -0700 

Unsubscribe 

> On Jun 21, 2021, at 11:06 AM, David Sutton <dsut...@oicr.on.ca> wrote:
> 
> unsubscribe
> 
> David Sutton
> Sr. Director, IT and Information Security Officer
> Ontario Institute for Cancer Research
> 
> -----Original Message-----
> From: Anton Gladky <gladky.an...@gmail.com> On Behalf Of Anton Gladky
> Sent: June 19, 2021 2:25 AM
> To: debian-lts-annou...@lists.debian.org
> Subject: [SECURITY] [DLA 2687-2] prosody regression update
> Importance: High
> 
> WARNING: External email, exercise CAUTION
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> - -------------------------------------------------------------------------
> Debian LTS Advisory DLA-2687-2                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                         Anton Gladky
> June 19, 2021                                 https://wiki.debian.org/LTS
> - -------------------------------------------------------------------------
> 
> Package        : prosody
> Version        : 0.9.12-2+deb9u4
> CVE ID         : CVE-2021-32921
> 
> It was discovered that the previous upload of the package prosody versioned 
> 0.9.12-2+deb9u3 introduced a regression in the mod_auth_internal_hashed 
> module. Big thanks to Andre Bianchi for the reporting an issue and for 
> testing the update.
> 
> For Debian 9 stretch, this problem has been fixed in version 0.9.12-2+deb9u4.
> 
> We recommend that you upgrade your prosody packages.
> 
> For the detailed security status of prosody please refer to its security 
> tracker page at:
> https://security-tracker.debian.org/tracker/prosody
> 
> Further information about Debian LTS security advisories, how to apply these 
> updates to your system and frequently asked questions can be found at: 
> https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE-----
> 
> iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmDNjcAACgkQ0+Fzg8+n
> /wbPJA/9ExAHfQ83wnMEqtvfdNxEkfFdG2/tbLHeGM3gQy6wEFnfLEVfqINfqshO
> 4qFIA0/DkZrk7jjD2HrO6XkXdvkC9HezpM98p9sXAMjZagNqXRDPrxpo+yGOOgTp
> oT74yQ/RFquFyDPs+p98/UUIl27220ktyTXhTRPiVg9PoTL4TTe2aauhV2FPigm5
> HQVCH2bKf8A54l6s9t9fUDXokSyeq33JoPxdhVZTRbPLmw860XSfsc5dnE5L4zAC
> eqjd1Rj+xQ74vBzKJApvILmCkjJrB4CkPWYW92HamZxPVV6Seairle0DBc2VpizV
> rUiP2BIh4DabfS4R9RwuCCpw70GybqCzbeLhAOnXKMa0j5Ma4XdCWvVwFdpdS5px
> q1zx9Vk/m0iXsRzTg7Ggjzy8zvu5qF7a7DZi2JrOdlHiIbirPOUz7bCPd1MnA00H
> 4wlVtfDHFeDgS+wlEnGgoII+SlnUnGw/D+G3QGqnkMkQ6qQSJiOvlWOpGEzdnB9Z
> hPQhyomDTJSLjOYPlOfRd4rFF/MMiJEKWQDVhyiVjH/dMFZCwmK29ylPkVPrRMDD
> r6Ahj87qottoh3p93nymLK8q1TKeM3a+rAP4nUKQQtKrMjKi/QhgqHLaQORTV8pV
> 38hG1xvWHoJjQhu1rL+zBIwKYN0Juxt6ybYnC7te8iwBOneu0IU=
> =Exn8
> -----END PGP SIGNATURE-----
>

Reply via email to