Debian Patches
Status for prosody/0.12.3-1+deb12u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-conf.patch | conf | Matthew James Wild <mwild1@gmail.com> | no | | | 2014-01-10 |
| 0002-upstream-conf.patch | upstream-conf | Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org> | no | | | 2022-09-26 |
| 0004-fix-package.path-of-ejabberd2prosody.patch | fix package.path of ejabberd2prosody | Enrico Tassi <gareuselesinge@debian.org> | no | | | 2014-03-14 |
| 0005-CVE-2026-43504.patch | mod_proxy65: Consistently apply authorization checks. The module checked for authorization when a client asked for the address:port of the proxy service. It did not check for authorization when processing a request to activate a bytestream. This meant that any unauthenticated party able to guess the IP/port and XMPP domain of a proxy65 service (generally low difficulty) would be able to use the proxy to relay traffic between two connections. This factors out the permission check, and applies it to every request type. | Matthew Wild <mwild1@gmail.com> | no | | | 2026-05-04 |
| 0006-CVE-2026-43505.patch | mod_proxy65: Don't link connections until after activation. Although the module pauses the connections, in some cases server.link() (at least with the epoll backend) will have the effect of unpausing the connection (because it sets new read handlers). Many thanks to Max Hearnden for discovering and reporting this issue. | Matthew Wild <mwild1@gmail.com> | no | | | 2026-05-04 |
| 0007-mod_c2s-Remove-timers-immediately-on-disconnection.patch | mod_c2s: Remove timers immediately on disconnection | Waqas Hussain <waqas20@gmail.com> | no | | | 2026-05-04 |
| 0008-net.server_epoll-Clean-up-timers-after-disconnection.patch | net.server_epoll: Clean up timers after disconnection | Waqas Hussain <waqas20@gmail.com> | no | | | 2026-05-04 |
| 0009-moduleapi-Use-multitable-add-remove-instead-of-set.patch | moduleapi: Use multitable add/remove instead of set. multitable:set() does not clear intermediate keys when setting the last one to nil. This meant that the event_handlers multitable for every module was not properly cleaning up the object and event name from the table when calling :unhook_object_event(). This combined badly with e.g. mod_bookmarks, which uses this extensively to add/remove hooks dynamically for mod_pep services. The multitable kept a reference to every mod_pep service object ever created, causing a memory leak. The multitable:remove() function clears intermediate keys when they are empty, so we've switched to using that now. | Matthew Wild <mwild1@gmail.com> | no | | | 2026-05-04 |
| 0010-mod_c2s-mod_s2s-Introduce-separate-pre-authenticatio.patch | mod_c2s,mod_s2s: Introduce separate pre-authentication stanza size limit. This should prevent unauthenticated resource use via the XML parser. | Kim Alvefur <zash@zash.se> | no | | | 2026-05-04 |
| 0011-util.xmppstream-Support-limiting-total-number-of-des.patch | util.xmppstream: Support limiting total number of descendent elements in a stanza | Matthew Wild <mwild1@gmail.com> | no | | | 2026-05-04 |
| 0012-mod_c2s-mod_s2s-Add-configurable-limit-for-stanza-ma.patch | mod_c2s, mod_s2s: Add configurable limit for stanza max child elements | Matthew Wild <mwild1@gmail.com> | no | | | 2026-05-04 |

All known versions for source package 'prosody'
- 13.0.6-1 (sid)
- 13.0.5-1 (forky)
- 13.0.5-1~bpo13+1 (trixie-backports)
- 13.0.1-1+deb131u (trixie-security, trixie)
- 13.0.1-1~bpo12+1 (bookworm-backports)
- 0.12.3-1+deb12u1 (bookworm-security, bookworm)
