[OpenWrt-Devel] [CC 15.05] prosody: Security update (2 CVEs)
jow at openwrt.org
jow at openwrt.org
Thu Jan 28 06:23:46 EST 2016
The prosody package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.
VERSION
0.9.8-1 => 0.9.9-1
CHANGELOG
[Mon, 25 Jan 2016 13:31:29 +0100 bb23089]
fixes:
* path traversal vulnerability in mod_http_files (CVE-2016-1231)
* use of weak PRNG in generation of dialback secrets (CVE-2016-1232)
CHANGES
net/prosody/Makefile | 4 ++--
net/prosody/patches/010-fix-randomseed.patch | 12 ------------
2 files changed, 2 insertions(+), 14 deletions(-)
REFERENCES
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1231
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1232
* https://github.com/openwrt/packages/commit/bb23089e84f2cc6030fbf21ed3fb667d31bb3a7b
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list