Re: [SECURITY] [DLA 2687-2] prosody regression update

To: David Sutton <DSutton@oicr.on.ca>
Cc: debian-lts@lists.debian.org
Subject: Re: [SECURITY] [DLA 2687-2] prosody regression update
From: Jamie Tudor <jtdarkly@gmail.com>
Date: Mon, 21 Jun 2021 11:11:30 -0400
Message-id: <[🔎] 77724192-48AF-4894-A65A-01D94807F55C@gmail.com>
In-reply-to: <[🔎] YQBPR0101MB47318E2E888926ECC76CA0228D0A9@YQBPR0101MB4731.CANPRD01.PROD.OUTLOOK.COM>
References: <[🔎] YQBPR0101MB47318E2E888926ECC76CA0228D0A9@YQBPR0101MB4731.CANPRD01.PROD.OUTLOOK.COM>

Unsubscribe 

> On Jun 21, 2021, at 11:06 AM, David Sutton <DSutton@oicr.on.ca> wrote:
> 
> unsubscribe
> 
> David Sutton
> Sr. Director, IT and Information Security Officer
> Ontario Institute for Cancer Research
> 
> -----Original Message-----
> From: Anton Gladky <gladky.anton@gmail.com> On Behalf Of Anton Gladky
> Sent: June 19, 2021 2:25 AM
> To: debian-lts-announce@lists.debian.org
> Subject: [SECURITY] [DLA 2687-2] prosody regression update
> Importance: High
> 
> WARNING: External email, exercise CAUTION
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> - -------------------------------------------------------------------------
> Debian LTS Advisory DLA-2687-2                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                         Anton Gladky
> June 19, 2021                                 https://wiki.debian.org/LTS
> - -------------------------------------------------------------------------
> 
> Package        : prosody
> Version        : 0.9.12-2+deb9u4
> CVE ID         : CVE-2021-32921
> 
> It was discovered that the previous upload of the package prosody versioned 0.9.12-2+deb9u3 introduced a regression in the mod_auth_internal_hashed module. Big thanks to Andre Bianchi for the reporting an issue and for testing the update.
> 
> For Debian 9 stretch, this problem has been fixed in version 0.9.12-2+deb9u4.
> 
> We recommend that you upgrade your prosody packages.
> 
> For the detailed security status of prosody please refer to its security tracker page at:
> https://security-tracker.debian.org/tracker/prosody
> 
> Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE-----
> 
> iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmDNjcAACgkQ0+Fzg8+n
> /wbPJA/9ExAHfQ83wnMEqtvfdNxEkfFdG2/tbLHeGM3gQy6wEFnfLEVfqINfqshO
> 4qFIA0/DkZrk7jjD2HrO6XkXdvkC9HezpM98p9sXAMjZagNqXRDPrxpo+yGOOgTp
> oT74yQ/RFquFyDPs+p98/UUIl27220ktyTXhTRPiVg9PoTL4TTe2aauhV2FPigm5
> HQVCH2bKf8A54l6s9t9fUDXokSyeq33JoPxdhVZTRbPLmw860XSfsc5dnE5L4zAC
> eqjd1Rj+xQ74vBzKJApvILmCkjJrB4CkPWYW92HamZxPVV6Seairle0DBc2VpizV
> rUiP2BIh4DabfS4R9RwuCCpw70GybqCzbeLhAOnXKMa0j5Ma4XdCWvVwFdpdS5px
> q1zx9Vk/m0iXsRzTg7Ggjzy8zvu5qF7a7DZi2JrOdlHiIbirPOUz7bCPd1MnA00H
> 4wlVtfDHFeDgS+wlEnGgoII+SlnUnGw/D+G3QGqnkMkQ6qQSJiOvlWOpGEzdnB9Z
> hPQhyomDTJSLjOYPlOfRd4rFF/MMiJEKWQDVhyiVjH/dMFZCwmK29ylPkVPrRMDD
> r6Ahj87qottoh3p93nymLK8q1TKeM3a+rAP4nUKQQtKrMjKi/QhgqHLaQORTV8pV
> 38hG1xvWHoJjQhu1rL+zBIwKYN0Juxt6ybYnC7te8iwBOneu0IU=
> =Exn8
> -----END PGP SIGNATURE-----
>

Reply to:

Follow-Ups:
- Re: [SECURITY] [DLA 2687-2] prosody regression update
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

References:
- RE: [SECURITY] [DLA 2687-2] prosody regression update
  - From: David Sutton <DSutton@oicr.on.ca>

Prev by Date: RE: [SECURITY] [DLA 2687-2] prosody regression update
Next by Date: Re: [SECURITY] [DLA 2687-2] prosody regression update
Previous by thread: RE: [SECURITY] [DLA 2687-2] prosody regression update
Next by thread: Re: [SECURITY] [DLA 2687-2] prosody regression update
Index(es):
- Date
- Thread