From ${URL} :
Multiple security issues were found in Atheme, an IRC services package, which will be fixed in the upcoming 7.2.7 release. Could CVEs be assigned to the issues summarized below?
Fix: https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b
Description: A remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks.
Reference: https://github.com/atheme/atheme/issues/397
Fix: https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
Description: Under certain circumstances, a remote attacker could cause denial of service due to a buffer overflow in the XMLRPC response encoding code.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
$ git tag --contains c597156adc60a45b5f827793cd420945f47bc03b | sort
v7.2.7
$ git tag --contains 87580d767868360d2fed503980129504da84b63e | sort
v7.2.7
@ Maintainer(s): Please bump to >=net-irc/atheme-services-7.2.7.
CC'ing treecleaners because package has no maintainer and nothing depends on the package.
# Michał Górny <mgorny@gentoo.org> (05 Jun 2017)
# (on behalf of Treecleaner project)
# Unmaintained in Gentoo. Multiple bugs, including a security
# vulnerability. Removal in 30 days. Bug #581960.
net-irc/atheme-services
I'll see if I can proxy-maintain this. Will take a stab at it next Thursday.
I managed to get the latest version 7.2.9 working, but need to make a few tweaks as well as address the QA issues (https://bugs.gentoo.org/show_bug.cgi?id=520490). Current WIP can be found here: https://github.com/clinew/gentoo/commits/net-irc/atheme-services Should be able to submit a PR next Thursday.
Pull request sent: https://github.com/gentoo/gentoo/pull/5014
removed