Date:      Sat, 02 May 2026 11:31:03 +0000
From:      Yusuf Yaman <nxjoseph@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Cc:        Thomas Morper <twm@pdp11.pw>
Subject:   git: cac0111256df - main - security/vuxml: add Prosody XMPP server advisory 2026-04-29
Message-ID:  <69f5e077.31453.20c0f7c@gitrepo.freebsd.org>


The branch main has been updated by nxjoseph:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cac0111256df5555ecc7d3a471a4e27d26cd11cf

commit cac0111256df5555ecc7d3a471a4e27d26cd11cf
Author:     Thomas Morper <twm@pdp11.pw>
AuthorDate: 2026-05-02 11:29:02 +0000
Commit:     Yusuf Yaman <nxjoseph@FreeBSD.org>
CommitDate: 2026-05-02 11:30:17 +0000

    security/vuxml: add Prosody XMPP server advisory 2026-04-29
    
    CVEs requested but not received yet.
    
    PR:             294898
    Reported by:    Thomas Morper <twm@pdp11.pw> (maintainer),
                    Max Hearnden (security)
    Approved by:    vvd (co-mentor, implicit)
    URL:            https://prosody.im/security/advisory_735dd9d3/
    Security:       a420f545-442c-11f1-b9b5-589cfc0dc9a2
---
 security/vuxml/vuln/2026.xml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 5a45f04b7837..3968ec487150 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,32 @@
+  <vuln vid="a420f545-442c-11f1-b9b5-589cfc0dc9a2">
+    <topic>Prosody XMPP server advisory 2026-04-29</topic>
+    <affects>
+      <package>
+      <name>prosody</name>
+      <range><lt>13.0.5</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The Prosody team reports:</p>
+	<blockquote cite="https://prosody.im/security/advisory_735dd9d3/">;
+	<p>Traffic patterns were discovered which can cause Prosody to consume excessive
+	amounts of memory with much smaller amounts of incoming traffic. This traffic
+	can be sent by unauthenticated connections. It was discovered that
+	mod_proxy65’s access control was broken and incomplete due to two bugs.</p>
+	<p>The issue with unpausing connections was discovered and disclosed by <a href="https://github.com/MaxHearnden">Max Hearnden</a>.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <url>https://prosody.im/security/advisory_735dd9d3/</url>;
+    </references>
+    <dates>
+      <discovery>2026-04-29</discovery>
+      <entry>2026-04-30</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7ebfb0bf-44b4-11f1-8b82-3c7c3fba4204">
     <topic>Text::CSV_XS -- CWE-825 Expired Pointer Dereference</topic>
     <affects>
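Review bot: The `<topic>` line names only the advisory and its date ("Prosody XMPP server advisory 2026-04-29"), so the entry title does not say what the problem is, while the neighbouring entry in the context lines uses the "package -- problem" form ("Text::CSV_XS -- CWE-825 Expired Pointer Dereference"). Something like "prosody -- memory exhaustion via unauthenticated traffic and broken mod_proxy65 access control" would match the quoted description. The `<entry>` date is 2026-04-30 while the commit date in this mail is 2026-05-02, so it is worth confirming which date is intended. `<name>` and `<range>` sit at the same indentation as `<package>` instead of one level below it, and the description block is tab-indented while the rest of the entry uses spaces. If the `;` after the `<body ...>` and `<blockquote ...>` opening tags and after `</url>` is present in the committed file and is not an artifact of the mail archive, it should be removed, since it becomes stray text in the entry. The references carry no `<cvename>`, consistent with the commit message saying the CVEs are still pending, so the entry will need a follow-up once they are assigned.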

