Your message dated Sat, 05 Feb 2022 19:03:10 +0000
with message-id <[email protected]>
and subject line Bug#1004173: fixed in prosody 0.11.2-1+deb10u4
has caused the Debian Bug report #1004173,
regarding prosody: Regression from CVE-2022-0217: memory leak
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1004173: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004173
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: prosody
Version: 0.11.12-1
Severity: important
Tags: upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.11.2-1+deb10u3
Control: found -1 0.11.9-2+deb11u1
Control: affects -1 security.debian.org,release.debian.org
Hi,
https://www.openwall.com/lists/oss-security/2022/01/20/4 mentions a
regression from the security fix for CVE-2022-0217.
Fixing commit: https://hg.prosody.im/trunk/rev/e5e0ab93d7f4
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: prosody
Source-Version: 0.11.2-1+deb10u4
Done: Victor Seva <[email protected]>
We believe that the bug you reported is fixed in the latest version of
prosody, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Victor Seva <[email protected]> (supplier of updated prosody package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Jan 2022 18:16:06 +0100
Source: prosody
Architecture: source
Version: 0.11.2-1+deb10u4
Distribution: buster-security
Urgency: medium
Maintainer: Debian XMPP Maintainers <[email protected]>
Changed-By: Victor Seva <[email protected]>
Closes: 1004173
Changes:
prosody (0.11.2-1+deb10u4) buster-security; urgency=medium
.
* CVE-2022-0217 fix memory leak (Closes: #1004173)
* fix numbering of patches
Checksums-Sha1:
f66a827685162406e2b9f4bb275e17fb54b24adb 1844 prosody_0.11.2-1+deb10u4.dsc
e671a44faf0980cfeba85f041d20bbee1015e9f2 26248
prosody_0.11.2-1+deb10u4.debian.tar.xz
25c324b3e405ebc6392c73cad1e9f387f566ffa2 6360
prosody_0.11.2-1+deb10u4_amd64.buildinfo
Checksums-Sha256:
c414ab92439bcf1adc9914370483cd533838ddb44ad6de73ce4947a3bf3def6b 1844
prosody_0.11.2-1+deb10u4.dsc
8b051b6c183bcd7ebddb0b729acfc66c782cda94ccf4f0957b918529ae26caf3 26248
prosody_0.11.2-1+deb10u4.debian.tar.xz
8dd87dccf042ecd37cc458764e2f174541158c19a6a8321e517fe7ec855c704d 6360
prosody_0.11.2-1+deb10u4_amd64.buildinfo
Files:
77f423efe9156b1e7363c05ae26c36c1 1844 net optional prosody_0.11.2-1+deb10u4.dsc
0c7b9772858c22c528f00f6aec54a4de 26248 net optional
prosody_0.11.2-1+deb10u4.debian.tar.xz
4431543c3afb31d7cf90df37863a34d8 6360 net optional
prosody_0.11.2-1+deb10u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFFBAEBCgAvFiEEDmBQEMrYIhRFqKAgIXSmjn2oLMcFAmHy19gRHHZzZXZhQGRl
Ymlhbi5vcmcACgkQIXSmjn2oLMcNMgf+Ny6Sf1qsRgDAeM/wTBDqDWmaxcK1ymxn
3mNOxqBLOeml/5/JSZOojAPj9a42kYLosfMMl1FWylYpqBOuDRa509FV01/pjxhb
zkX26O4s8QPvXRxnXZQbk3YfitpSB1UrsvMPPS9QY+uTZjyAE0BMoBzQru+EEEfg
XM/F2rOKjP+VapKqDg/J2y+WR4XOVLRL5Z2yHvsM2hiYWNI+pujxrPNXfNefTFN8
hkIFth46ZN3SppKaUvoda1iS7WXfTOSyDc6m22p7hhnaQkUojBW0eZ4NKXYL6fij
9XUttbCCihECtcQKGtMcIhjS1782ATOp0518liPPvyL1bX8u4/XElw==
=bVjg
-----END PGP SIGNATURE-----
--- End Message ---
