Candidate: CVE-2014-2744
PublicDate: 2014-04-11 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2744
 http://hg.prosody.im/0.9/rev/b3b1c9da38fb
Description:
 plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch
 Metronome through 3.4 negotiates stream compression while a session is
 unauthenticated, which allows remote attackers to cause a denial of service
 (resource consumption) via compressed XML elements in an XMPP stream, aka
 an "xmppbomb" attack.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_prosody:
upstream_prosody: released (0.9.4-1)
lucid_prosody: ignored (reached end-of-life)
precise_prosody: ignored (reached end-of-life)
precise/esm_prosody: DNE (precise was needed)
quantal_prosody: ignored (reached end-of-life)
saucy_prosody: ignored (reached end-of-life)
trusty_prosody: ignored (reached end-of-life)
trusty/esm_prosody: DNE (trusty was needed)
utopic_prosody: not-affected (0.9.4-1)
vivid_prosody: not-affected (0.9.4-1)
vivid/stable-phone-overlay_prosody: DNE
vivid/ubuntu-core_prosody: DNE
wily_prosody: not-affected (0.9.4-1)
xenial_prosody: not-affected (0.9.4-1)
yakkety_prosody: not-affected (0.9.4-1)
zesty_prosody: not-affected (0.9.4-1)
artful_prosody: not-affected (0.9.4-1)
bionic_prosody: not-affected (0.9.4-1)
cosmic_prosody: not-affected (0.9.4-1)
disco_prosody: not-affected (0.9.4-1)
devel_prosody: not-affected (0.9.4-1)