| Summary: | net-irc/ngircd < 0.10.4 IRC PART Remote DoS (CVE-2008-0285) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Marek Czernohous <mc> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | net-irc |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://ngircd.barton.de/index.html.en | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Marek Czernohous
2008-01-07 22:39:04 UTC
0.10.4 in CVS

Arches, please test and mark stable net-irc/ngircd-0.10.4.
Target keywords : "ppc x86"

amd64, want this stable too? Been there for some time.

From ChangeLog:

ngIRCd 0.10.4 (2008-01-07)
- SECURITY: IRC_PART could reference invalid memory, causing ngircd to crash [from HEAD].

x86 stable

We'll mark it stable after it's been a month or so. Currently no real reason to mark it stable.
@armin76, would you be so kind as to stab me when in a month so that I can mark it stable? :)

ppc stable

(In reply to comment #5)
> @armin76, would you be so kind as to stab me when in a month so
> that I can mark it stable? :)
>

He's always kind enough to stab you ;)
*hides*

GLSA vote. YES for me.

YES from me as well.

Mh, the next major-release is published, but I don't want to file a zero-day-bump-request :-)

http://ngircd.barton.de/index.html.en

Changelog

ngIRCd 0.11.0 (2008-01-15)

ngIRCd 0.11.0-pre2 (2008-01-07)
- SECURITY: IRC_PART could reference invalid memory, causing ngircd to crash [from HEAD].

ngIRCd 0.11.0-pre1 (2008-01-02)
- Use dotted-decimal IP address if hostname is >= 64.
- Add support for /STAT u (server uptime) command.
- New [Server] configuration Option "Bind" allows to specify the source ip address to use when connecting to remote server.
- New configuration option "MaxNickLength" to specify the allowed maximum length of user nick names. Note: must be unique in an IRC network!
- Enhanced the IRC+ protocol to support an enhanced "server handshake" and enable server to recognize numeric 005 (ISUPPORT) and 376 (ENDOFMOTD). See doc/Protocol.txt for details.
- Re-added doc/SSL.txt to distribution -- got lost somewhere!?
- Fixes the wrong logging output when nested servers are introduced to the network as well as the wrong output of the LINKS command.
- Update Mac OS X Xcode project file for Xcode 3.
- Adjust test suite to be usable on HP/UX 11.11 :-)
- Fix code to compile using K&R C compiler and ansi2kr again.
- New config option NoDNS: Disables DNS lookups when clients connect.
- Fixed propagation of channel mode 'P' on server links.
- Numeric 317: implemented "signon time" (displayed in WHOIS result).
- Fixed code that prevented GCC 2.95 to compile ngIRCd.
- Adjust path names in manual pages according to "./configure" settings.
- Added new server configuration option "Passive" for "Server" blocks to disable automatic outgoing connections (similar to -p option to ngircd, but only for the specified server). (Tassilo Schweyer)
- Don't connect to a server if a connection to another server within the same group is already in progress.
- Added support for the WALLOPS command. Usage is restricted to IRC operators.

(In reply to comment #10)
> Mh, the next major-release is published, but i don't want to file a
> zero-day-bump-request :-)

That is definitely stuff for a new bug, but give maintainers some days please.

CVE-2008-0285 was assigned.

GLSA 200801-13, all done.