prosody: Security update (2 CVEs)

2016-01-28T12:25:32
ID OPENWRT-SA-000005
Type openwrt
Reporter OpenWrt Project
Modified 2016-01-28T12:25:32

Description

The prosody package has been rebuilt and was uploaded to the Chaos Calmer 15.05 repository due to multiple security issues.

VERSION

0.9.8-1 => 0.9.9-1

CHANGELOG

[Mon, 25 Jan 2016 13:31:29 +0100 bb23089]

fixes: * path traversal vulnerability in mod_http_files (CVE-2016-1231) * use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

CHANGES

net/prosody/Makefile | 4 ++-- net/prosody/patches/010-fix-randomseed.patch | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-)