|Summary:|net-irc/inspircd <1.1.19 namesx and uhnames DoS (CVE-2008-1925)|
|Product:|Gentoo Security|
|Reporter:|Robert Buchholz (RETIRED) <rbu>|
|Component:|Vulnerabilities|
|Assignee:|Gentoo Security <security>|
|Severity:|minor|
|CC:|brain, esycat, maintainer-needed, satmd|
|Package list:||
|Runtime testing required:|---|
|Bug Depends on:|218880|
Description Robert Buchholz (RETIRED) 2008-04-01 14:00:42 UTC
Upstream site: This is a HIGHLY RECOMMENDED release. You SHOULD upgrade to it ASAP as it contains security fixes. ... If you use a version prior to 1.1.18 and you do NOT use m_namesx, you should update to 1.1.18 on the fly, then load m_namesx to avoid using code vulnerable to a crash. If you use either uhnames or namesx, you should reload both of those modules after upgrading.
Comment 1 Robert Buchholz (RETIRED) 2008-04-01 14:04:56 UTC
I wrote an email to Craig Edwards to see whether he has a new proxy maintainer or no interest anymore.
Comment 2 Craig Edwards 2008-04-01 18:19:53 UTC
I don't know who to ask about proxy maintaining of this - to be honest, maintaining packages is not my area of expertise. I can get a 1.1.18 ebuild done for this and will submit it as a patch to this bug for whoever has access to apply.
Comment 3 Craig Edwards 2008-04-01 18:51:28 UTC
Created attachment 147990 1.1.18 ebuild by satmd should work fine for 1.1.18 release, fixes crashbug in NAMES when certain configurations are enabled.
Comment 4 Craig Edwards 2008-04-06 23:04:48 UTC
Anything happening with this?
Comment 5 Robert Buchholz (RETIRED) 2008-04-07 00:36:14 UTC
Sorry Craig, the fact that this does not have a dedicated maintainer is keeping things at a slow pace. I'll look into committing this tomorrow, hopefully.
Comment 6 Craig Edwards 2008-04-07 21:10:18 UTC
Thanks Robert :-) Much appreciated
Comment 7 satmd 2008-04-15 14:05:51 UTC
The ebuilds are from my local repo at http://lain.at/dev/portage_overlay/net-irc/inspircd/ - where I have submitted an updated ebuild just yesterday (adding ldap to IUSE).
Comment 9 Robert Buchholz (RETIRED) 2008-04-23 18:51:35 UTC
I'll be bumping this to 1.1.19 after discussion in bug 218880 is done.
Comment 10 Robert Buchholz (RETIRED) 2008-04-23 19:06:11 UTC
1.1.19 is in the tree. Craig, satmd, it would be great if I could get some feedback from you guys whether the ebuild is working ok. Then I'll add arches for a fast stabling.
Comment 11 Craig Edwards 2008-04-23 20:49:42 UTC
works fine for me :-)
Comment 12 Robert Buchholz (RETIRED) 2008-04-23 21:04:17 UTC
Craig, thanks for testing.

Arches, please test and mark stable:
=net-irc/inspircd-1.1.19
Target keywords : "ppc release x86"
Comment 13 Markus Meier 2008-04-26 11:06:25 UTC
26 Apr 2008; Markus Meier <email@example.com> inspircd-1.1.19.ebuild: fix cp for openssl in src_unpack, fix ipv6 detection, x86 stable (security bug #215704)
Comment 14 Tobias Scherbaum (RETIRED) 2008-04-28 17:45:44 UTC
Comment 15 Peter Volkov (RETIRED) 2008-04-29 05:41:10 UTC
Fixed in release snapshot.
Comment 16 Pierre-Yves Rofes (RETIRED) 2008-05-06 14:20:31 UTC
Time for GLSA vote here. DoS on an IRC server... *sigh*. I vote yes.
Comment 17 Robert Buchholz (RETIRED) 2008-05-06 14:50:40 UTC
Comment 18 Robert Buchholz (RETIRED) 2008-05-09 14:34:11 UTC