File _patchinfo of Package patchinfo.16824

<patchinfo incident="16824">
  <issue tracker="cve" id="2021-37601"/>
  <issue tracker="bnc" id="1188976">VUL-0: CVE-2021-37601:  Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.</issue>
  <packager>jubalh</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for prosody</summary>
  <description>This update for prosody fixes the following issues:

prosody was updated to 0.11.10:

Security:

* MUC: Fix logic for access to affiliation lists CVE-2021-37601 (boo#1188976)

    https://prosody.im/security/advisory_20210722/

Minor changes:

* prosodyctl: Add &#8216;limits&#8217; to known globals to warn about misplacing it
* util.ip: Fix netmask for link-local address range
* mod_pep: Remove obsolete node restoration code
* util.pubsub: Fix traceback if node data not initialized
</description>
</patchinfo>