
Bug 398159 (CVE-2012-0033)

Summary: <net-irc/znc-0.202-r1 : Denial of Service (CVE-2012-0033)
Product: Gentoo Security
Reporter: Sean Amoss (RETIRED) <ackle>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: net-irc, wired
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2012/01/08/2
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Sean Amoss (RETIRED) gentoo-dev Security 2012-01-08 15:57:26 UTC
From CVE request at $URL:

please assign a CVE ID to a DoS issue in the ZNC IRC bouncer.

I don't have an upstream reference, but the upstream patch applied
by the Debian maintainer can be found here:

http://patch-tracker.debian.org/patch/series/view/znc/0.202-2/01-fix-bouncedcc-dos.diff 
http://packages.qa.debian.org/z/znc/news/20120107T145601Z.html
Comment 1 Agostino Sarubbo gentoo-dev 2012-01-08 16:11:50 UTC
from commit:

Affected ZNC versions: 0.200, 0.202.

probably here it should be ~3 ?
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-01-08 16:38:48 UTC
Indeed, 0.9.4 does not include the bouncedcc module.
Comment 3 Alex Alexander (RETIRED) gentoo-dev 2012-01-08 18:20:18 UTC
patch applied in znc-0.202-r1
old ebuild removed.

upstream reference: http://sprunge.us/TAGd

thanks :)
Comment 4 Alex Alexander (RETIRED) gentoo-dev 2012-01-08 18:29:57 UTC
real upstream reference:
https://github.com/znc/znc/commit/11508aa72efab4fad0dbd8292b9614d9371b20a9
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-01-08 19:07:45 UTC
Thanks, everyone. Closing noglsa since stable packages were not affected.