Bug 952940 - net-irc/inspircd-4.X potential denial of service by privileged user
Summary: net-irc/inspircd-4.X potential denial of service by privileged user
Status: UNCONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2025-03-30 23:15 UTC by Wade Cline
Modified: 2025-03-30 23:43 UTC

See Also:
Package list:
Runtime testing required: ---


Description Wade Cline 2025-03-30 23:15:42 UTC
The 4.X series of InspIRCd contains a vulnerability where a server operator with a custom connect class can be used in order to remotely crash the InspIRCd server.  Details: https://docs.inspircd.org/security/2025-01/

Note that this vulnerability is not expected to affect most configurations.  The vulnerability is fixed in 4.7.0.  PR for 4.7.0: https://github.com/gentoo/gentoo/pull/41394
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2025-03-30 23:38:31 UTC
Thank you! For the purposes of targeting, are we planning on stabling 4.x any time soon or are we maintaining 3.x and 4.x as separate release lines?
Comment 2 Wade Cline 2025-03-30 23:43:06 UTC
I'm planning on stabilizing 4.X soon and maintaining 3.X until EoY 2025 when upstream ends it.  Since no ebuild in 4.X has yet been stabilized I think merging unstable 4.7.0 and then stabilizing it in 30 days will be sufficient.

Would it make sense to drop 4.6.0 early?  I normally give users 30 days before dropping the old.