Debian Security Advisory
DSA-5047-1 prosody -- security update
- Date Reported:
- 15 Jan 2022
- Affected Packages:
- prosody
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2022-0217.
- More information:
-
Matthew Wild discovered that the WebSockets code in Prosody, a lightweight Jabber/XMPP server, was susceptible to denial of service.
For the oldstable distribution (buster), this problem has been fixed in version 0.11.2-1+deb10u3.
For the stable distribution (bullseye), this problem has been fixed in version 0.11.9-2+deb11u1.
We recommend that you upgrade your prosody packages.
For the detailed security status of prosody please refer to its security tracker page at: https://security-tracker.debian.org/tracker/prosody