Security Release DJabberd 0.85
64 views
Skip to first unread message
Yann
Jun 13, 2011, 6:26:56 PM6/13/11
to djabberd, wou...@coekaerts.be
Mart is currently pushing 0.85 version of DJabberd to CPAN, upgrade is
strongly advised as it contains a fix
for a security hole disclosed by Wouter Coekaerts, allowing a user to
gain read-access to files on the server.
Note that this is distinct from the "billion laughs" attack mentioned
earlier, there is still no fix for this.
Changes:
https://raw.github.com/djabberd/DJabberd/master/CHANGES
Github:
https://github.com/djabberd/DJabberd/tree/7e212c9b58b0529046fde93815a33443818705e1
If you just want to patch 0.84 version the patch is here:
https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992
Yann
strongly advised as it contains a fix
for a security hole disclosed by Wouter Coekaerts, allowing a user to
gain read-access to files on the server.
Note that this is distinct from the "billion laughs" attack mentioned
earlier, there is still no fix for this.
Changes:
https://raw.github.com/djabberd/DJabberd/master/CHANGES
Github:
https://github.com/djabberd/DJabberd/tree/7e212c9b58b0529046fde93815a33443818705e1
If you just want to patch 0.84 version the patch is here:
https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992
Yann
Yann Kerherve
Jun 13, 2011, 6:31:22 PM6/13/11
to djabberd, wou...@coekaerts.be
On a related note...
https://github.com/yannk/rpc-xml/commit/bc3a6e65e27ff01f98e786c2f5822406356899a4
https://github.com/yannk/p5-RPC-XML-Parser-LibXML/commit/eda00faa6a6a74bf187f19de7cf6c5b6702c475a
https://github.com/yannk/web-oembed/commit/84a17199e0e091b2a096f6b3306cb329c1a7518f
https://github.com/miyagawa/xml-atom/tree/2a3713befd2d622b8fcf621a4f68ccb09f892b58
Patch your code!
Yann
Reply all
Reply to author
Forward
0 new messages