A denial-of-service vulnerability has been reported in Prosody, a XMPP server. If compression is enabled, an attacker might send highly-com- pressed XML elements over XMPP streams and consume all the resources of the server. The SAX XML parser lua-expat is also affected by this issues. For the stable distribution , this problem has been fixed in version 0.8.2-4+deb7u1 of prosody. For the unstable distribution , this problem has been fixed in version 0.9.4-1 of prosody.