[OpenWrt-Devel] [CC 15.05] prosody: Security update (2 CVEs)

jow at openwrt.org jow at openwrt.org
Thu Jan 28 06:25:32 EST 2016


The prosody package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.


VERSION

0.9.8-1 => 0.9.9-1


CHANGELOG

[Mon, 25 Jan 2016 13:31:29 +0100 bb23089]

fixes:
 * path traversal vulnerability in mod_http_files (CVE-2016-1231)
 * use of weak PRNG in generation of dialback secrets (CVE-2016-1232)


CHANGES

 net/prosody/Makefile                         |    4 ++--
 net/prosody/patches/010-fix-randomseed.patch |   12 ------------
 2 files changed, 2 insertions(+), 14 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1231
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1232
 * https://github.com/openwrt/packages/commit/bb23089e84f2cc6030fbf21ed3fb667d31bb3a7b
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list