-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2193
                         prosody regression update
                               21 June 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           prosody
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-32921  

Reference:         ESB-2021.2143
                   ESB-2021.1668

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/06/msg00018.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2687-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
June 19, 2021                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : prosody
Version        : 0.9.12-2+deb9u4
CVE ID         : CVE-2021-32921

It was discovered that the previous upload of the package prosody
versioned 0.9.12-2+deb9u3 introduced a regression in the
mod_auth_internal_hashed module. Big thanks to Andre Bianchi for reporting
an issue and for testing the update.

For Debian 9 stretch, this problem has been fixed in version
0.9.12-2+deb9u4.

We recommend that you upgrade your prosody packages.

For the detailed security status of prosody please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/prosody

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================