Bug#547306: marked as done (ejabberd: Memory leak on admin interface with TLS)

Thu, 10 Dec 2009 15:25:12 -0800 

Your message dated Thu, 10 Dec 2009 23:17:50 +0000
with message-id <[email protected]>
and subject line Bug#547306: fixed in ejabberd 2.1.0-2
has caused the Debian Bug report #547306,
regarding ejabberd: Memory leak on admin interface with TLS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
547306: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547306
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ejabberd
Version: 2.0.5-1.1
Severity: important


Hi, 

the ejabberd has Memory leak with this configuration : 

  {5280, ejabberd_http, [
                         web_admin,
                         tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
  ]}

A very simple script can make a Dos : 

#!/bin/bash
while true ; 
do
  nc -c "" jabberserver 5280 ;
done ;

This problem is too with lenny version. 

Cheers,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ejabberd depends on:
ii  adduser                3.110             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.27            Debian configuration management sy
ii  erlang-base [erlang-ab 1:13.b.1-dfsg-6   Erlang/OTP virtual machine and bas
ii  erlang-nox             1:13.b.1-dfsg-6   Erlang/OTP applications that don't
ii  libc6                  2.9-26            GNU C Library: Shared libraries
ii  libexpat1              2.0.1-4           XML parsing C library - runtime li
ii  libpam0g               1.1.0-4           Pluggable Authentication Modules l
ii  libssl0.9.8            0.9.8k-5          SSL shared libraries
ii  openssl                0.9.8k-5          Secure Socket Layer (SSL) binary a
ii  ucf                    3.0022            Update Configuration File: preserv
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime

ejabberd recommends no packages.

Versions of packages ejabberd suggests:
pn  libunix-syslog-perl           <none>     (no description available)

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: ejabberd
Source-Version: 2.1.0-2

We believe that the bug you reported is fixed in the latest version of
ejabberd, which is due to be installed in the Debian FTP archive:

ejabberd_2.1.0-2.diff.gz
  to main/e/ejabberd/ejabberd_2.1.0-2.diff.gz
ejabberd_2.1.0-2.dsc
  to main/e/ejabberd/ejabberd_2.1.0-2.dsc
ejabberd_2.1.0-2_powerpc.deb
  to main/e/ejabberd/ejabberd_2.1.0-2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gerfried Fuchs <[email protected]> (supplier of updated ejabberd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Dec 2009 23:45:09 +0100
Source: ejabberd
Binary: ejabberd
Architecture: source powerpc
Version: 2.1.0-2
Distribution: unstable
Urgency: low
Maintainer: Torsten Werner <[email protected]>
Changed-By: Gerfried Fuchs <[email protected]>
Description: 
 ejabberd   - Distributed, fault-tolerant Jabber/XMPP server written in Erlang
Closes: 547306 559727
Changes: 
 ejabberd (2.1.0-2) unstable; urgency=low
 .
   [ Konstantin Khomoutov ]
   * Set EJABBERD_DOC_PATH in the ejabberd script
   * Pull the following patches from upstream:
     - routing-speedup.patch: Speeds up routing of messages (EJAB-1114)
     - mod-pubsub-odbc.patch: Fixes service discovery browsing with PEP-capable
       clients (EJAB-1115)
     - req-starttls-zlib-clash.patch: Fix failure of the c2s listener
       (EJAB-1118, closes: 559727)
     - http-tls-leaks.patch: Fix memory and port leaks in web administration
       interface (EJAB-1119, closes: #547306)
     - multiple-pep-last-items.patch: Do not send PEP last items multiple
       times (EJAB-1116)
Checksums-Sha1: 
 1b992df07f5a51e8577edb59c3b88f54cb9afe00 1376 ejabberd_2.1.0-2.dsc
 dcbfcf544a1add18788634513d7e7a34079b5b5e 69339 ejabberd_2.1.0-2.diff.gz
 9275f26d6591d435be7a59dced79378bd161bff1 1323958 ejabberd_2.1.0-2_powerpc.deb
Checksums-Sha256: 
 a9b85c5b17ece5e5c0237b7200eb8554c3d8d5ab421d32ad6bef11ffbd49c7d8 1376 
ejabberd_2.1.0-2.dsc
 b7c0a636f88c18ac2b2ae22caa98b944acb642956df1df48ecca6d46e08a3f58 69339 
ejabberd_2.1.0-2.diff.gz
 a35b1b6e4e07aacfb8daeb21b3228666b388448d1572687f08f897db8ae26a72 1323958 
ejabberd_2.1.0-2_powerpc.deb
Files: 
 e7794bc6fdeba07b012d80c22d7b53a0 1376 net optional ejabberd_2.1.0-2.dsc
 08f4dc914b83fe827dbe8f78a6bdb587 69339 net optional ejabberd_2.1.0-2.diff.gz
 cad822f8d2ed2afcc99992b19dca0997 1323958 net optional 
ejabberd_2.1.0-2_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkshftQACgkQELuA/Ba9d8Y96gCbBw0ZDiXzRufBubrqWV2cEQ4u
uaUAn0xc1+foeIIjXLxI/rJf8ioXLG/L
=LFii
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to