diff options
| author | Thomas Morper <thomas@beingboiled.info> | 2021-08-03 18:22:00 +0000 |
|---|---|---|
| committer | Li-Wen Hsu <lwhsu@FreeBSD.org> | 2021-08-03 18:22:00 +0000 |
| commit | bfc6a3ee044d51a7989cb9d51b1a66c8b9efe84f (patch) | |
| tree | 00e4b758a3e7c7d52de9ccd7d083652dbadd40c9 | |
| parent | b956528b42f11820ce690c51e452bf745084fd5e (diff) | |
| download | ports-bfc6a3ee044d51a7989cb9d51b1a66c8b9efe84f.tar.gz ports-bfc6a3ee044d51a7989cb9d51b1a66c8b9efe84f.zip | |
security/vuxml: Add net-im/prosody CVE-2021-37601
PR: 257597
| -rw-r--r-- | security/vuxml/vuln-2021.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index bcc078f0d575..b4a482f88b4c 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,31 @@ + <vuln vid="5ef14250-f47c-11eb-8f13-5b4de959822e"> + <topic>Prosody -- Remote Information Disclosure</topic> + <affects> + <package> + <name>prosody</name> + <range><lt>0.11.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Prosody XMPP server advisory reports:</p> + <blockquote cite="https://prosody.im/security/advisory_20210722/"> + <p>It was discovered that Prosody allows any entity to access the list of + admins, members, owners and banned entities of any federated XMPP group chat + of which they know the address.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-37601</cvename> + <url>https://prosody.im/security/advisory_20210722/</url> + </references> + <dates> + <discovery>2021-07-22</discovery> + <entry>2021-08-03</entry> + </dates> + </vuln> + <vuln vid="c3c6c4a3-f47d-11eb-b632-3065ec8fd3ec"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |