Albert Dengg discovered that incorrect parsing of <stream:error> messages in the Prosody Jabber/XMPP server may result in denial of service. The oldstable distribution is not affected.