Debian Linux Security Advisory 4216-1 - It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation.
6ebe74514cecc45122f83798c8a0329e45fbad548453ab8c093f7accdf9e8a94