Date: Tue, 21 Apr 2026 11:43:29 +0000 From: Ashish SHUKLA <ashish@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 1ff7aec950f3 - main - security/vuxml: Document ejabberd vulnerability Message-ID: <69e762e1.43a1c.26bfc4e9@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by ashish: URL: https://cgit.FreeBSD.org/ports/commit/?id=1ff7aec950f35c95d22c6459459578635f0b7b9a commit 1ff7aec950f35c95d22c6459459578635f0b7b9a Author: Ashish SHUKLA <ashish@FreeBSD.org> AuthorDate: 2026-04-21 11:40:59 +0000 Commit: Ashish SHUKLA <ashish@FreeBSD.org> CommitDate: 2026-04-21 11:40:59 +0000 security/vuxml: Document ejabberd vulnerability --- security/vuxml/vuln/2026.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 3cf5462d3af2..f2303098b43b 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,33 @@ + <vuln vid="82064ab5-3d76-11f1-89ab-901b0e9408dc"> + <topic>ejabberd -- Potential DDoS in XML Parser</topic> + <affects> +<package> +<name>ejabberd</name> +<range><lt>26.04</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ejabberd team reports:</p> + <blockquote cite="https://www.process-one.net/blog/ejabberd-26-04/"> + <p>This release adds new options that limit max memory used + by XML parser used to process XMPP payloads, to prevent + potential Denial of Service attack. The default values for + pre-auth provide sufficient protection for ejabberd against + non-authenticated users on c2s and s2s, so there is no need + to change your configuration.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.process-one.net/blog/ejabberd-26-04/</url> + </references> + <dates> + <discovery>2026-04-20</discovery> + <entry>2026-04-21</entry> + </dates> + </vuln> + <vuln vid="0d8b1126-0864-4934-b63f-c713526ead32"> <topic>zeek -- potential DoS vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69e762e1.43a1c.26bfc4e9>
