* [Buildroot] [git commit branch/2018.08.x] prosody: security bump to version 0.10.2
@ 2018-11-26 16:11 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2018-11-26 16:11 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=344267ae205871e8623acd00b7a1209285460b08
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2018.08.x
This fixes a cross-host authentication vulnerability, CVE-2018-10847.
The issue affects Prosody instances that have multiple virtual hosts
(including anonymous authenticated hosts):
https://blog.prosody.im/prosody-0-10-2-security-release
A full security advisory is available at
https://prosody.im/security/advisory_20180531
Compute hashes locally as they are no more available on
https://prosody.im/downloads/source/{MD5,SHA1,SHA256,SHA512}SUMS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0b950434950489aa897ac04d45d0293269dd8c17)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/prosody/prosody.hash | 10 +++++-----
package/prosody/prosody.mk | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/package/prosody/prosody.hash b/package/prosody/prosody.hash
index 898d21814f..b38414294c 100644
--- a/package/prosody/prosody.hash
+++ b/package/prosody/prosody.hash
@@ -1,8 +1,8 @@
-# Hashes from: https://prosody.im/downloads/source/{MD5,SHA1,SHA256,SHA512}SUMS
-md5 0eebf7a18ce1fc7dd9954c94ebd85f54 prosody-0.10.0.tar.gz
-sha1 57c1c5a665e6453bdde06727ef398cd69accd9d7 prosody-0.10.0.tar.gz
-sha256 7414e447256c60b2645578c4a5913113cd74b419ca5a032b54db90d98a978498 prosody-0.10.0.tar.gz
-sha512 ee66e240afba6a8cb286623da48d9b535798153fb65e32070cec93aafe360e91f7087eeb49dec0f7d145e24f04339ed0878e50835b52f682130b204e22990ce9 prosody-0.10.0.tar.gz
+# Locally computed:
+md5 4cb1ac0db2b739b933ded5038551d7c2 prosody-0.10.2.tar.gz
+sha1 1d51e542475c3f3e712eace29537b042c941d6ab prosody-0.10.2.tar.gz
+sha256 75b5f035e7a74d5f208eeeaf8419b94a85d09b40252d444cff8033fde3c9768e prosody-0.10.2.tar.gz
+sha512 9fc05e34b45b0c16835ba94a73532fb3b4ee335f27d56bb9260e1b3e22614f89f44eb5d04b4e90d016db0b5bee6f5c7e7d099e1defb027e6823ee7667c1fe28f prosody-0.10.2.tar.gz
# Hash for license file:
sha256 bbbdc1c5426e5944cf869fc0faeaf19d88a220cd2b39ea98b7b8e86b0e88a2ef COPYING
diff --git a/package/prosody/prosody.mk b/package/prosody/prosody.mk
index d95578253d..7491f94058 100644
--- a/package/prosody/prosody.mk
+++ b/package/prosody/prosody.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PROSODY_VERSION = 0.10.0
+PROSODY_VERSION = 0.10.2
PROSODY_SITE = https://prosody.im/downloads/source
PROSODY_LICENSE = MIT
PROSODY_LICENSE_FILES = COPYING
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2018-11-26 16:11 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-26 16:11 [Buildroot] [git commit branch/2018.08.x] prosody: security bump to version 0.10.2 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.