Candidate: CVE-2014-2745
PublicDate: 2014-04-11 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2745
 http://hg.prosody.im/0.9/rev/a97591d2e1ad
 http://hg.prosody.im/0.9/rev/1107d66d2ab2
Description:
 Prosody before 0.9.4 does not properly restrict the processing of
 compressed XML elements, which allows remote attackers to cause a denial of
 service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb"
 attack, related to core/portmanager.lua and util/xmppstream.lua.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_prosody:
upstream_prosody: released (0.9.4-1)
lucid_prosody: ignored (reached end-of-life)
precise_prosody: ignored (reached end-of-life)
precise/esm_prosody: DNE (precise was needed)
quantal_prosody: ignored (reached end-of-life)
saucy_prosody: ignored (reached end-of-life)
trusty_prosody: ignored (reached end-of-life)
trusty/esm_prosody: DNE (trusty was needed)
utopic_prosody: not-affected (0.9.4-1)
vivid_prosody: not-affected (0.9.4-1)
vivid/stable-phone-overlay_prosody: DNE
vivid/ubuntu-core_prosody: DNE
wily_prosody: not-affected (0.9.4-1)
xenial_prosody: not-affected (0.9.4-1)
yakkety_prosody: not-affected (0.9.4-1)
zesty_prosody: not-affected (0.9.4-1)
artful_prosody: not-affected (0.9.4-1)
bionic_prosody: not-affected (0.9.4-1)
cosmic_prosody: not-affected (0.9.4-1)
disco_prosody: not-affected (0.9.4-1)
devel_prosody: not-affected (0.9.4-1)