[SECURITY] [DLA 2687-2] prosody regression update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 2687-2] prosody regression update
From: Anton Gladky <gladk@debian.org>
Date: Sat, 19 Jun 2021 08:25:07 +0200 (CEST)
Message-id: <[🔎] 20210619063005.986934A0173@thinkpad.localdomain>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2687-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
June 19, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : prosody
Version        : 0.9.12-2+deb9u4
CVE ID         : CVE-2021-32921

It was discovered that the previous upload of the package prosody
versioned 0.9.12-2+deb9u3 introduced a regression in the
mod_auth_internal_hashed module. Big thanks to Andre Bianchi for the reporting
an issue and for testing the update.

For Debian 9 stretch, this problem has been fixed in version
0.9.12-2+deb9u4.

We recommend that you upgrade your prosody packages.

For the detailed security status of prosody please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/prosody

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmDNjcAACgkQ0+Fzg8+n
/wbPJA/9ExAHfQ83wnMEqtvfdNxEkfFdG2/tbLHeGM3gQy6wEFnfLEVfqINfqshO
4qFIA0/DkZrk7jjD2HrO6XkXdvkC9HezpM98p9sXAMjZagNqXRDPrxpo+yGOOgTp
oT74yQ/RFquFyDPs+p98/UUIl27220ktyTXhTRPiVg9PoTL4TTe2aauhV2FPigm5
HQVCH2bKf8A54l6s9t9fUDXokSyeq33JoPxdhVZTRbPLmw860XSfsc5dnE5L4zAC
eqjd1Rj+xQ74vBzKJApvILmCkjJrB4CkPWYW92HamZxPVV6Seairle0DBc2VpizV
rUiP2BIh4DabfS4R9RwuCCpw70GybqCzbeLhAOnXKMa0j5Ma4XdCWvVwFdpdS5px
q1zx9Vk/m0iXsRzTg7Ggjzy8zvu5qF7a7DZi2JrOdlHiIbirPOUz7bCPd1MnA00H
4wlVtfDHFeDgS+wlEnGgoII+SlnUnGw/D+G3QGqnkMkQ6qQSJiOvlWOpGEzdnB9Z
hPQhyomDTJSLjOYPlOfRd4rFF/MMiJEKWQDVhyiVjH/dMFZCwmK29ylPkVPrRMDD
r6Ahj87qottoh3p93nymLK8q1TKeM3a+rAP4nUKQQtKrMjKi/QhgqHLaQORTV8pV
38hG1xvWHoJjQhu1rL+zBIwKYN0Juxt6ybYnC7te8iwBOneu0IU=
=Exn8
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2688-1] jetty9 security update
Next by Date: [SECURITY] [DLA 2690-1] linux-4.19 security update
Previous by thread: [SECURITY] [DLA 2688-1] jetty9 security update
Next by thread: [SECURITY] [DLA 2690-1] linux-4.19 security update
Index(es):
- Date
- Thread